CVE-2022-22175: Junos OS: MX Series and SRX Series: The flowd daemon will crash if the SIP ALG is enabled and specific SIP messages are processed
First published: Wed Jan 19 2022(Updated: )
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =20.4-r1 | |
| Juniper JUNOS | =20.4-r1-s1 | |
| Juniper JUNOS | =20.4-r2 | |
| Juniper JUNOS | =20.4-r2-s1 | |
| Juniper JUNOS | =20.4-r2-s2 | |
| Juniper JUNOS | =20.4-r3 | |
| Juniper JUNOS | =21.1-r1 | |
| Juniper JUNOS | =21.1-r1-s1 | |
| Juniper JUNOS | =21.1-r2 | |
| Juniper JUNOS | =21.1-r2-s1 | |
| Juniper JUNOS | =21.2-r1 | |
| Juniper JUNOS | =21.2-r1-s1 | |
| Juniper JUNOS | =21.3-r1 | |
| Juniper Mx10 | ||
| Juniper Mx10000 | ||
| Juniper Mx10003 | ||
| Juniper Mx10008 | ||
| Juniper Mx10016 | ||
| Juniper Mx104 | ||
| Juniper Mx150 | ||
| Juniper Mx2008 | ||
| Juniper Mx2010 | ||
| Juniper Mx2020 | ||
| Juniper Mx204 | ||
| Juniper Mx240 | ||
| Juniper Mx40 | ||
| Juniper Mx480 | ||
| Juniper Mx5 | ||
| Juniper Mx80 | ||
| Juniper Mx960 | ||
| Juniper Srx100 | ||
| Juniper Srx110 | ||
| Juniper Srx1400 | ||
| Juniper Srx1500 | ||
| Juniper Srx210 | ||
| Juniper Srx220 | ||
| Juniper Srx240 | ||
| Juniper Srx240h2 | ||
| Juniper Srx300 | ||
| Juniper Srx320 | ||
| Juniper Srx340 | ||
| Juniper Srx3400 | ||
| Juniper Srx345 | ||
| Juniper Srx3600 | ||
| Juniper Srx380 | ||
| Juniper Srx4000 | ||
| Juniper Srx4100 | ||
| Juniper Srx4200 | ||
| Juniper Srx4600 | ||
| Juniper Srx5000 | ||
| Juniper Srx5400 | ||
| Juniper Srx550 | ||
| Juniper Srx550 Hm | ||
| Juniper Srx550m | ||
| Juniper Srx5600 | ||
| Juniper Srx5800 | ||
| Juniper Srx650 |
Remedy
The following software releases have been updated to resolve this specific issue: 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2022-22175.
What is the severity of CVE-2022-22175?
The severity of CVE-2022-22175 is high with a CVSS score of 7.5.
How does CVE-2022-22175 affect Juniper Networks Junos OS?
CVE-2022-22175 affects Juniper Networks Junos OS on MX Series and SRX Series.
How can an attacker exploit CVE-2022-22175?
An unauthenticated networked attacker can exploit CVE-2022-22175 by causing a flowprocessing daemon crash in the SIP ALG, leading to a Denial of Service (DoS).
How can I fix CVE-2022-22175?
To fix CVE-2022-22175, it is recommended to upgrade to a fixed version of Juniper Networks Junos OS.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/title
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/20.4-r1
- version/juniper junos/20.4-r1-s1
- version/juniper junos/20.4-r2
- version/juniper junos/20.4-r2-s1
- version/juniper junos/20.4-r2-s2
- version/juniper junos/20.4-r3
- version/juniper junos/21.1-r1
- version/juniper junos/21.1-r1-s1
- version/juniper junos/21.1-r2
- version/juniper junos/21.1-r2-s1
- version/juniper junos/21.2-r1
- version/juniper junos/21.2-r1-s1
- version/juniper junos/21.3-r1
- canonical/juniper mx10
- canonical/juniper mx10000
- canonical/juniper mx10003
- canonical/juniper mx10008
- canonical/juniper mx10016
- canonical/juniper mx104
- canonical/juniper mx150
- canonical/juniper mx2008
- canonical/juniper mx2010
- canonical/juniper mx2020
- canonical/juniper mx204
- canonical/juniper mx240
- canonical/juniper mx40
- canonical/juniper mx480
- canonical/juniper mx5
- canonical/juniper mx80
- canonical/juniper mx960
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx1500
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx240h2
- canonical/juniper srx300
- canonical/juniper srx320
- canonical/juniper srx340
- canonical/juniper srx3400
- canonical/juniper srx345
- canonical/juniper srx3600
- canonical/juniper srx380
- canonical/juniper srx4000
- canonical/juniper srx4100
- canonical/juniper srx4200
- canonical/juniper srx4600
- canonical/juniper srx5000
- canonical/juniper srx5400
- canonical/juniper srx550
- canonical/juniper srx550 hm
- canonical/juniper srx550m
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650