CVE-2022-22206

Summary

A Buffer Overflow vulnerability in the PFE of Juniper Networks Junos OS on SRX series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). The PFE will crash when specific traffic is scanned by Enhanced Web Filtering safe-search feature of UTM (Unified Threat management). Continued receipt of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 20.2 versions prior to 20.2R3-S4 on SRX Series; 20.3 versions prior to 20.3R3-S3 on SRX Series; 20.4 versions prior to 20.4R3-S3 on SRX Series; 21.1 versions prior to 21.1R3-S1 on SRX Series; 21.2 versions prior to 21.2R2-S2, 21.2R3 on SRX Series; 21.3 versions prior to 21.3R2 on SRX Series; 21.4 versions prior to 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS20.2 < 20.2R3-S4affected
Juniper NetworksJunos OS20.3 < 20.3R3-S3affected
Juniper NetworksJunos OS20.4 < 20.4R3-S3affected
Juniper NetworksJunos OS21.1 < 21.1R3-S1affected
Juniper NetworksJunos OS21.2 < 21.2R2-S2, 21.2R3affected
Juniper NetworksJunos OS21.3 < 21.3R2affected
Juniper NetworksJunos OS21.4 < 21.4R2affected
Juniper NetworksJunos OSunspecified < 20.2R1unaffected

Weaknesses

  • Denial of Service (DoS)
  • CWE-120: CWE-120 Buffer Overflow

Workarounds

Disable UTM EWF safe-search by adding the no-safe-search config. Example: set security utm default-configuration web-filtering juniper-enhanced no-safe-search set security utm feature-profile web-filtering juniper-enhanced profile test-profile no-safe-search

ADP Enrichment

CVE Program Container

Additional References

References