Juniper Networks Junos OS
cpe:2.3:a:juniper:junos:*:*:*:*:*:*:*, +2 more
- < 21.2R3-S10
- >= 21.4, < 21.4R3-S12
- >= 22.4, < 22.4R3-S8
- >= 23.2, < 23.2R2-S5
- >= 23.4, < 23.4R2-S6
- >= 24.2, < 24.2R2-S3
- >= 24.4, < 24.4R2-S1
- >= 25.2, < 25.2R1-S1
- >= 25.2R2
A denial-of-service vulnerability has been identified in the SIP application layer gateway (ALG) of Juniper Networks Junos OS. This issue affects SRX Series and MX Series with MX-SPC3 or MS-MPC service cards. The vulnerability arises from an infinite loop condition caused by the incorrect parsing of SIP headers in response to specific SIP messages sent over TCP. This mismanagement of SIP traffic leads to a crash of the flow management process, disrupting normal operations. The issue does not occur with SIP messages sent over UDP.
Exploitation of this vulnerability causes the flow management process to crash, leading to a denial-of-service condition. On SRX Series and MX Series with MX-SPC3, the flowd process is terminated. On MX Series with MS-MPC, the mspmand process crashes instead.
Users can update to Junos OS versions 21.2R3-S10, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S1, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases. If the SIP ALG is not required, it can be disabled on SRX Series and MX Series with MX-SPC3.
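As an added example (not Juniper's code or part of the original page), this Python function classifies a Junos version string against the fixed releases listed above. It assumes releases within a train order by R number and then S number, reports trains the page does not name as `unlisted`, and checks only the version, not whether the SIP ALG is enabled or which service card is installed; the inventory entries are constructed.

```python
import re

# First fixed release per Junos train, copied from the remediation text above.
# 25.2R2 is also listed there; it sorts after 25.2R1-S1, so it is covered.
FIXED = {
    (21, 2): (3, 10), (21, 4): (3, 12), (22, 4): (3, 8),
    (23, 2): (2, 5), (23, 4): (2, 6), (24, 2): (2, 3),
    (24, 4): (2, 1), (25, 2): (1, 1), (25, 4): (1, 0),
}
# major.minor R<n> [-S<n>] [.<build>]; the build suffix is ignored for ordering.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Split e.g. '21.4R3-S12.3' into train (21, 4) and release (3, 12)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unsupported Junos version string: {version!r}")
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc)


def status(version):
    """Return 'vulnerable', 'fixed' or 'unlisted' for one version string."""
    train, release = parse(version)
    if train < min(FIXED):
        return "vulnerable"   # everything before 21.2R3-S10 is listed as affected
    if train > max(FIXED):
        return "fixed"        # "all subsequent releases"
    if train not in FIXED:
        return "unlisted"     # the page names no fixed release for this train
    return "vulnerable" if release < FIXED[train] else "fixed"


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    inventory = [("srx-edge-1", "21.4R3-S11"), ("mx-core-2", "23.4R2-S6.3"),
                 ("srx-lab-3", "22.2R3-S4")]
    for host, ver in inventory:
        print(f"{host:12} {ver:14} {status(ver)}")
```

An `unlisted` result means the train needs a manual check against the vendor advisory rather than being assumed safe.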