7.5

CVE-2022-22231

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1.

Data is provided by the National Vulnerability Database (NVD)
JuniperJunos Version21.4 Update-
   JuniperSrx1500 Version-
   JuniperSrx4100 Version-
   JuniperSrx4200 Version-
   JuniperSrx4600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
JuniperJunos Version21.4 Updater1
   JuniperSrx1500 Version-
   JuniperSrx4100 Version-
   JuniperSrx4200 Version-
   JuniperSrx4600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
JuniperJunos Version21.4 Updater1-s1
   JuniperSrx1500 Version-
   JuniperSrx4100 Version-
   JuniperSrx4200 Version-
   JuniperSrx4600 Version-
   JuniperSrx5400 Version-
   JuniperSrx550 Version-
   JuniperSrx5600 Version-
   JuniperSrx5800 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.28% 0.513
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
sirt@juniper.net 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

CWE-690 Unchecked Return Value to NULL Pointer Dereference

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.