PT-2023-2554 · Juniper Networks · Junos
Published 2023-01-11 · Updated 2023-01-24
CVE-2023-22394
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS on SRX Series and MX Series platforms versions prior to 19.3R3-S7
Juniper Networks Junos OS on SRX Series and MX Series platforms version 19.4 prior to 19.4R2-S8, 19.4R3-S10
Juniper Networks Junos OS on SRX Series and MX Series platforms version 20.1R1 and later versions
Juniper Networks Junos OS on SRX Series and MX Series platforms version 20.2 prior to 20.2R3-S6
Juniper Networks Junos OS on SRX Series and MX Series platforms version 20.3 prior to 20.3R3-S6
Juniper Networks Junos OS on SRX Series and MX Series platforms version 20.4 prior to 20.4R3-S5
Juniper Networks Junos OS on SRX Series and MX Series platforms version 21.1 prior to 21.1R3-S5
Juniper Networks Junos OS on SRX Series and MX Series platforms version 21.2 prior to 21.2R3-S1
Juniper Networks Junos OS on SRX Series and MX Series platforms version 21.3 prior to 21.3R3
Juniper Networks Junos OS on SRX Series and MX Series platforms version 21.4 prior to 21.4R2-S2, 21.4R3
Juniper Networks Junos OS on SRX Series and MX Series platforms version 22.1 prior to 22.1R1-S2, 22.1R2, 22.1R3-S1
Description
An Improper Handling of Unexpected Data Type issue in the handling of SIP calls allows an attacker to cause a memory leak leading to Denial of Service (DoS). This issue occurs on all MX Series platforms with an MS-MPC or MS-MIC card and on all SRX Series platforms where SIP ALG is enabled. Successful exploitation of this issue prevents additional SIP calls and applications from succeeding. The SIP ALG needs to be enabled, either implicitly or by way of configuration.
Recommendations
To resolve the issue for versions prior to 19.3R3-S7, update to version 19.3R3-S7 or later.
To resolve the issue for version 19.4, update to version 19.4R2-S8, 19.4R3-S10 or later.
To resolve the issue for version 20.1R1 and later versions, update to a version that is not affected.
To resolve the issue for version 20.2 prior to 20.2R3-S6, update to version 20.2R3-S6 or later.
To resolve the issue for version 20.3 prior to 20.3R3-S6, update to version 20.3R3-S6 or later.
To resolve the issue for version 20.4 prior to 20.4R3-S5, update to version 20.4R3-S5 or later.
To resolve the issue for version 21.1 prior to 21.1R3-S5, update to version 21.1R3-S5 or later.
To resolve the issue for version 21.2 prior to 21.2R3-S1, update to version 21.2R3-S1 or later.
To resolve the issue for version 21.3 prior to 21.3R3, update to version 21.3R3 or later.
To resolve the issue for version 21.4 prior to 21.4R2-S2, 21.4R3, update to version 21.4R2-S2, 21.4R3 or later.
To resolve the issue for version 22.1 prior to 22.1R1-S2, 22.1R2, 22.1R3-S1, update to version 22.1R1-S2, 22.1R2, 22.1R3-S1 or later.
As a temporary workaround, consider disabling the SIP ALG until a patch is available.
To confirm whether SIP ALG is enabled on SRX, use the following command and check for the SIP line in its output:
user@host> show security alg status | match sip
SIP : Enabled
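A checker that applies the affected-version ranges and the SIP ALG status check above to a device's release string and ALG output, as an added example that is not part of this advisory or of Juniper's own tooling. It assumes Junos release strings of the form major.minorRn or major.minorRn-Sm (with an optional trailing build number), that later R releases of a train listed with a fix also carry the fix, and that trains the advisory does not list are unaffected; the status output it parses is a constructed sample in the format shown above.

```python
import re

# Fixed releases per Junos train (major, minor) -> [(R, S), ...], taken from the advisory.
# Assumption: a release is fixed when it matches a listed pair with equal R and S >= listed S,
# or when its R is higher than any listed pair for that train (later R releases carry the fix).
FIXED = {
    (19, 3): [(3, 7)], (19, 4): [(2, 8), (3, 10)],
    (20, 2): [(3, 6)], (20, 3): [(3, 6)], (20, 4): [(3, 5)],
    (21, 1): [(3, 5)], (21, 2): [(3, 1)], (21, 3): [(3, 0)],
    (21, 4): [(2, 2), (3, 0)], (22, 1): [(1, 2), (2, 0), (3, 1)],
}
NO_FIX_TRAINS = {(20, 1)}      # "20.1R1 and later versions": no fixed release is listed
OLDEST_FIXED_TRAIN = (19, 3)   # everything below 19.3R3-S7 is affected
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse_version(text):
    """Parse e.g. '21.4R2-S2.3' into (21, 4, 2, 2); S is 0 for a plain R release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported Junos version string: {text!r}")
    major, minor, r, s = m.groups()
    return int(major), int(minor), int(r), int(s or 0)

def version_affected(text):
    """True if the release falls inside an affected range listed in the advisory."""
    major, minor, r, s = parse_version(text)
    train = (major, minor)
    if train < OLDEST_FIXED_TRAIN or train in NO_FIX_TRAINS:
        return True
    fixed = FIXED.get(train)
    if fixed is None:
        return False  # assumption: trains the advisory does not list (e.g. 22.2) are unaffected
    if r > max(fr for fr, _ in fixed):
        return False
    return not any(r == fr and s >= fs for fr, fs in fixed)

def sip_alg_enabled(alg_status_output):
    """Read the 'SIP : Enabled' line from 'show security alg status' output."""
    for line in alg_status_output.splitlines():
        name, _, state = line.partition(":")
        if name.strip().upper() == "SIP":
            return state.strip().lower() == "enabled"
    return False

def exposed(version, alg_status_output):
    """Exposed only when the release is affected and SIP ALG is enabled."""
    return version_affected(version) and sip_alg_enabled(alg_status_output)

# Constructed sample in the advisory's output format, not captured from a real device.
SAMPLE_ALG_STATUS = "SIP      : Enabled\nFTP      : Enabled\n"
```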
Fix
DoS
Affected Products
Junos