| Vulnerability Name: | CVE-2022-22232 (CCN-238489) | ||||||||||||
| Assigned: | 2021-12-21 | ||||||||||||
| Published: | 2022-10-12 | ||||||||||||
| Updated: | 2022-10-21 | ||||||||||||
| Summary: | A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series If Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific transit traffic is processed the PFE will crash and restart. This issue affects Juniper Networks Junos OS: 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series; 22.1 versions prior to 22.1R1-S1, 22.1R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. | ||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-476 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-22232 Source: XF Type: UNKNOWN juniper-cve202222232-dos(238489) Source: CONFIRM Type: Vendor Advisory https://kb.juniper.net/JSA69886 Source: CCN Type: Juniper Networks Security Bulletin JSA69886 Junos OS: SRX Series: If Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific traffic is processed the PFE will crash (CVE-2022-22232) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||