On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot handle an unexpected response from the Certificate Authority (CA) server, leading to crash. A restart is required to restore services. This issue affects: Juniper Networks Junos OS on SRX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.
References
Link | Resource |
---|---|
https://kb.juniper.net/JSA69901 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-10-17 20:15
Updated : 2022-10-21 05:58
NVD link : CVE-2022-22218
Mitre link : CVE-2022-22218
JSON object : View
CWE
CWE-754
Improper Check for Unusual or Exceptional Conditions
Products Affected
juniper
- srx210
- srx1500
- srx3600
- srx550_hm
- srx4100
- srx5000
- srx650
- srx550
- srx4600
- srx300
- srx4200
- srx340
- srx5600
- srx5800
- srx5400
- srx240
- junos
- srx380
- srx110
- srx3400
- srx320
- srx240h2
- srx1400
- srx100
- srx240m
- srx345
- srx4000
- srx550m
- srx220