CVE-2022-22231
SRX Series: If UTM Enhanced Content Filtering and AntiVirus are enabled, and specific traffic is processed the PFE will crash
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1.
Una vulnerabilidad de Desreferencia de Valor de Retorno no Comprobado a puntero NULL en Packet Forwarding Engine (PFE) de Junos OS de Juniper Networks permite que un atacante no autenticado y basado en la red cause una Denegación de Servicio (DoS). En la serie SRX, si el filtrado de contenidos mejorado (CF) y el antivirus (AV) de la administración unificada de amenazas (UTM) están activados conjuntamente y el sistema procesa un tráfico de tránsito válido específico, Packet Forwarding Engine (PFE) es bloqueado y es reiniciado. Este problema afecta a Juniper Networks Junos OS versiones 21.4 anteriores a 21.4R1-S2, 21.4R2 en la serie SRX. Este problema no afecta a Juniper Networks Junos OS versiones anteriores a 21.4R1
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-12-21 CVE Reserved
- 2022-10-18 CVE Published
- 2024-05-04 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-252: Unchecked Return Value
- CWE-690: Unchecked Return Value to NULL Pointer Dereference
CAPEC
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx1500 Search vendor "Juniper" for product "Srx1500" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx4100 Search vendor "Juniper" for product "Srx4100" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx4200 Search vendor "Juniper" for product "Srx4200" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx4600 Search vendor "Juniper" for product "Srx4600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx5400 Search vendor "Juniper" for product "Srx5400" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx550 Search vendor "Juniper" for product "Srx550" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx5600 Search vendor "Juniper" for product "Srx5600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx5800 Search vendor "Juniper" for product "Srx5800" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx1500 Search vendor "Juniper" for product "Srx1500" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4100 Search vendor "Juniper" for product "Srx4100" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4200 Search vendor "Juniper" for product "Srx4200" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4600 Search vendor "Juniper" for product "Srx4600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5400 Search vendor "Juniper" for product "Srx5400" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx550 Search vendor "Juniper" for product "Srx550" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5600 Search vendor "Juniper" for product "Srx5600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5800 Search vendor "Juniper" for product "Srx5800" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx1500 Search vendor "Juniper" for product "Srx1500" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4100 Search vendor "Juniper" for product "Srx4100" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4200 Search vendor "Juniper" for product "Srx4200" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4600 Search vendor "Juniper" for product "Srx4600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5400 Search vendor "Juniper" for product "Srx5400" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx550 Search vendor "Juniper" for product "Srx550" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5600 Search vendor "Juniper" for product "Srx5600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5800 Search vendor "Juniper" for product "Srx5800" | - | - |
Safe
|