Main Vulnerability Database Vulnerabilities #VU82504

Unchecked return value to null pointer dereference in Juniper Junos OS - CVE-2022-22231

Published: October 12, 2022

Vulnerability identifier: #VU82504

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-22231

CWE-ID: CWE-690

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Juniper Networks, Inc.

Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to unchecked return value to null pointer dereference error in Packet Forwarding Engine (PFE). A remote non-authenticated attacker can cause a Denial of Service (DoS).

On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart.

How to mitigate CVE-2022-22231

Install updates from vendor's website.

Sources

https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-UTM-Enhanced-Content-Filtering-and-AntiVirus-are-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22231

Unchecked return value to null pointer dereference in Juniper Junos OS - CVE-2022-22231

Detailed vulnerability description

How to mitigate CVE-2022-22231

Sources

Please verify you're human