First published: Thu Apr 14 2022(Updated: )
An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Junos OS Evolved | =20.4-r1 | |
Junos OS Evolved | =20.4-r1-s1 | |
Junos OS Evolved | =20.4-r2 | |
Junos OS Evolved | =20.4-r2-s1 | |
Junos OS Evolved | =20.4-r2-s2 | |
Junos OS Evolved | =21.1-r1 | |
Junos OS Evolved | =21.1-r1-s1 | |
Junos OS Evolved | =21.1-r2 | |
Junos OS Evolved | =21.2-r1 | |
Junos OS Evolved | =21.2-r1-s1 | |
Junos OS Evolved | =21.2-r1-s2 | |
Juniper MX10 | ||
Juniper MX10000 | ||
Juniper MX10003 | ||
Juniper MX10008 | ||
Juniper MX10016 | ||
Juniper MX104 | ||
Juniper MX150 | ||
Juniper MX2008 | ||
Juniper MX2010 | ||
Juniper MX2020 | ||
Juniper MX204 | ||
Juniper MX240 | ||
Juniper MX40 | ||
Juniper MX480 | ||
Juniper MX5 | ||
Juniper MX80 | ||
Juniper MX960 | ||
Juniper SRX100 | ||
Juniper SRX110 | ||
Juniper SRX1400 | ||
Juniper SRX1500 | ||
Juniper SRX210 | ||
Juniper SRX220 | ||
Juniper SRX240 | ||
Juniper SRX240H2 | ||
Juniper SRX300 | ||
Juniper SRX320 | ||
Juniper SRX340 | ||
Juniper SRX3400 | ||
Juniper SRX345 | ||
Juniper SRX3600 | ||
Juniper SRX380 | ||
Juniper SRX4000 | ||
Juniper SRX4100 | ||
Juniper SRX4200 | ||
Juniper SRX4600 | ||
Junos OS SRX 5000 Series | ||
Juniper SRX5400 | ||
Juniper SRX550 | ||
Juniper SRX550 | ||
Juniper SRX550 | ||
Juniper SRX5600 | ||
Juniper SRX5800 | ||
Juniper SRX650 |
The following software releases have been updated to resolve this specific issue: 20.4R3, 21.1R2-S1, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2022-22198.
The severity of CVE-2022-22198 is high with a score of 7.5.
The affected software for CVE-2022-22198 is Juniper Networks Junos OS versions 20.4-r1, 20.4-r1-s1, 20.4-r2, 20.4-r2-s1, 20.4-r2-s2, 21.1-r1, 21.1-r1-s1, 21.1-r2, 21.2-r1, 21.2-r1-s1, and 21.2-r1-s2.
This vulnerability allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by sending specific packets, leading to a sustained DoS condition.
To fix CVE-2022-22198, it is recommended to update to the latest version of Juniper Networks Junos OS.