CVE-2022-22232: A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows a network-based attacker to cause a Denial of Service (DoS).

The vulnerability is triggered when the PFE processes a malformed packet sent to the device. Handling the malformed packet makes the PFE dereference a NULL pointer, which crashes the PFE and causes the device to restart. An attacker who keeps sending such packets can keep the PFE crashing and restarting, resulting in a sustained DoS of the device. Only the SRX device that processes the packet is affected; the packet itself carries no "pointer", and hosts behind the device are not crashed by it. This issue affects Juniper Networks Junos OS: 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series; 22.1 versions prior to 22.1R1-S1, 22.1R2 on SRX Series.

How do I verify if my device is vulnerable?

To check whether your device is affected, log in to the SRX CLI and run the operational command:
show version
Compare the Junos release it reports against the affected versions listed below: an SRX Series device running a 21.4 release earlier than 21.4R1-S2, or a 22.1 release earlier than 22.1R1-S1, is vulnerable. Releases from other trains are not listed in the advisory. Note that this version check only tells you whether the device is vulnerable, not whether the vulnerability has been exploited; unexplained PFE crashes and restarts on a vulnerable release are the symptom to look for.
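The version comparison above is easy to get wrong by hand because Junos service releases (21.4R1-S1) sort between the base release (21.4R1) and the next release (21.4R2). The following is an added example, not code from Juniper or from this page, that parses a saved "show version" transcript and decides whether the device falls in the affected ranges stated in this advisory. The sample transcript is constructed for the example; the "Model:" and "Junos:" line format it assumes is the one printed by "show version" on current Junos, and the SRX-only rule follows the advisory's scope.

```python
"""Check a Junos 'show version' transcript against the CVE-2022-22232 fixed releases."""
import re

# Fixed releases taken from the advisory text: the 21.4 train is fixed from
# 21.4R1-S2 (and 21.4R2) onward, the 22.1 train from 22.1R1-S1 (and 22.1R2)
# onward.  Any other release train is not listed and is treated as not affected.
FIXED_FROM = {
    (21, 4): "21.4R1-S2",
    (22, 1): "22.1R1-S1",
}

# major.minor R release [-S service] [.build], e.g. 21.4R1-S1.4 or 22.1R1.10
JUNOS_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


def parse_junos(version):
    """Turn '21.4R1-S1.4' into (21, 4, 1, 1, 4) so releases compare as tuples.

    A missing service or build component counts as 0, so 21.4R1 < 21.4R1-S1
    and 21.4R1-S9 < 21.4R2, matching the order Juniper publishes fixes in.
    """
    m = JUNOS_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, release, service, build = m.groups()
    return (int(major), int(minor), int(release), int(service or 0), int(build or 0))


def is_affected(version):
    """True if `version` is in an affected train and older than that train's fix."""
    parsed = parse_junos(version)
    fixed = FIXED_FROM.get(parsed[:2])
    if fixed is None:
        return False
    return parsed < parse_junos(fixed)


def assess_show_version(text):
    """Pull the Model: and Junos: lines out of 'show version' output and decide.

    Only SRX Series is in scope for this CVE, so a non-SRX model is reported
    as not affected even when its release number falls inside the range.
    """
    model = junos = None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        if key == "model":
            model = value.strip()
        elif key == "junos":
            junos = value.strip()
    if model is None or junos is None:
        raise ValueError("could not find Model: and Junos: lines in output")
    return {
        "model": model,
        "version": junos,
        "affected": model.lower().startswith("srx") and is_affected(junos),
    }


# Constructed sample transcript (not captured from a real device) in the
# shape 'show version' prints on an SRX.
SAMPLE_SHOW_VERSION = """\
Hostname: srx-edge-1
Model: srx345
Junos: 21.4R1-S1.4
JUNOS Software Release [21.4R1-S1.4]
"""

if __name__ == "__main__":
    print(assess_show_version(SAMPLE_SHOW_VERSION))
```

Feed it the output of "show version" copied from each SRX (or collected over SSH by whatever tooling you already use); the only fields it needs are the Model: and Junos: lines. If your fleet runs EVO or other non-standard version strings, parse_junos raises rather than guessing, so those devices surface as errors instead of silently passing.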

Summary

Juniper Networks Junos OS: 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series; 22.1 versions prior to 22.1R1-S1, 22.1R2 on SRX Series

Products Affected by the Junos OS Packet Forwarding Engine Denial of Service Vulnerability

The vulnerability affects Junos OS: 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series; 22.1 versions prior to 22.1R1-S1, 22.1R2 on SRX Series.

Timeline

Published on: 10/18/2022 03:15:00 UTC