CVE-2022-22167 — Incorrect Authorization in Networks Junos OS

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

9.8CRITICALNVD

CNA7.2

EPSS

0.3%

top 51.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJan 19

Latest updateJan 20

Description

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. While JDPI correctly classifies out-of-state asymmetric TCP flows as the dynamic-application UNKNOWN, this classification is not provided to the policy module properly and hence traffic continues to use the pre-id-default-polic…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os18.4 — 18.4R2-S10, 18.4R3-S10+10

▶NVDjuniper/junos11 versions+10

🔴Vulnerability Details

GHSA

GHSA-p6cr-hm6f-97rw: A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep P↗2022-01-20

▶

CVEList

Junos OS: SRX Series: If no-syn-check is enabled, traffic classified as UNKNOWN gets permitted by pre-id-default-policy↗2022-01-19

▶

📋Vendor Advisories

Juniper

CVE-2022-22167: A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep P↗2022-01-19

▶