Headline
CVE-2022-22175: 2022-01 Security Bulletin: MX Series and SRX Series: The flowd daemon will crash if the SIP ALG is enabled and specific SIP messages are processed (CVE-2022-22175)
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.
This issue affects Junos OS 20.4, 21.1, 21.2, 21.3. Affected platforms: MX Series, SRX Series.
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition.
This issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously.
This issue affects Juniper Networks Junos OS:
- 20.4 versions prior to 20.4R3-S1;
- 21.1 versions prior to 21.1R2-S2, 21.1R3;
- 21.2 versions prior to 21.2R1-S2, 21.2R2;
- 21.3 versions prior to 21.3R1-S1, 21.3R2.
This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.
To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX with:
user@host> show security alg status | match sip
SIP : Enabled
Please verify on MX whether the following is configured:
[ ... services alg sip ]
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was seen during production usage.
This issue has been assigned CVE-2022-22175.
The following software releases have been updated to resolve this specific issue: 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases.
This issue is being tracked as 1604123.
There are no viable workarounds for this issue.
Software releases or updates are available for download at https://support.juniper.net/support/downloads/
2022-01-12: Initial Publication.
Information for how Juniper Networks uses CVSS can be found at KB 16446 “Common Vulnerability Scoring System (CVSS) and Juniper’s Security Advisories.”