Main Vulnerability Database Vulnerabilities #VU82504

#VU82504 Unchecked return value to null pointer dereference in Juniper Junos OS - CVE-2022-22231

Published: October 12, 2022

Vulnerability identifier: #VU82504

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-22231

CWE-ID: CWE-690

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Juniper Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to unchecked return value to null pointer dereference error in Packet Forwarding Engine (PFE). A remote non-authenticated attacker can cause a Denial of Service (DoS).

On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-UTM-Enhanced-Content-Filtering-and-AntiVirus-are-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22231

#VU82504 Unchecked return value to null pointer dereference in Juniper Junos OS - CVE-2022-22231

Description

Remediation

External links

Please verify you're human