CVE-2022-22198
Severity CVSS v4.0:
Pending analysis
Type:
CWE-824
Access of Uninitialized Pointer
Publication date:
14/04/2022
Last modified:
23/04/2022
Description
An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.10
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page