PT-2022-15292 · Juniper Networks · Junos

Published: 2022-04-14 · Updated: 2022-04-23 · CVE-2022-22198

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions 20.4 through 20.4R3
Juniper Networks Junos OS versions 21.1 through 21.1R2-S1, 21.1R3
Juniper Networks Junos OS versions 21.2 through 21.2R2

Description

An Access of Uninitialized Pointer issue in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format.

Recommendations

For versions 20.4 through 20.4R3, update to version 20.4R3 or later.
For versions 21.1 through 21.1R2-S1, 21.1R3, update to version 21.1R2-S1 or later, or 21.1R3 or later.
For versions 21.2 through 21.2R2, update to version 21.2R2 or later.

As a temporary workaround, consider disabling the SIP ALG on MX and SRX platforms to minimize the risk of exploitation.

Fix

DoS

Access of Uninitialized Pointer

Weakness Enumeration

Related Identifiers

CVE-2022-22198

Affected Products

Junos