PT-2022-6224 · Juniper Networks · Junos

Published: 2022-07-13 · Updated: 2022-07-27 · CVE-2022-22204

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions prior to 20.4R3-S2
Juniper Networks Junos OS versions prior to 21.1R3-S2
Juniper Networks Junos OS versions prior to 21.2R2-S2
Juniper Networks Junos OS versions prior to 21.2R3
Juniper Networks Junos OS versions prior to 21.3R2
Juniper Networks Junos OS versions prior to 21.4R2

Description

An Improper Release of Memory Before Removing Last Reference issue in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). If the SIP ALG is enabled, receipt of a specific SIP packet will create a stale SIP entry. Sustained receipt of such packets will cause the SIP call table to eventually fill up and cause a DoS for all SIP traffic. The SIP call usage can be monitored with "show security alg sip calls". To be affected, the SIP ALG needs to be enabled, either implicitly or by way of configuration. Juniper SIRT is not aware of any malicious exploitation of this issue.

Recommendations

For Juniper Networks Junos OS versions prior to 20.4R3-S2, update to version 20.4R3-S2 or later.
For Juniper Networks Junos OS versions prior to 21.1R3-S2, update to version 21.1R3-S2 or later.
For Juniper Networks Junos OS versions prior to 21.2R2-S2, update to version 21.2R2-S2 or later.
For Juniper Networks Junos OS versions prior to 21.2R3, update to version 21.2R3 or later.
For Juniper Networks Junos OS versions prior to 21.3R2, update to version 21.3R2 or later.
For Juniper Networks Junos OS versions prior to 21.4R2, update to version 21.4R2 or later.

As a temporary workaround, consider disabling the SIP ALG until a patch is available. Restrict access to the SIP ALG to minimize the risk of exploitation. Monitor SIP call usage using "show security alg sip calls" to detect potential issues.

Fix

DoS

Memory Leak

Related Identifiers

BDU:2023-00523
CVE-2022-22204

Affected Products

Junos