CVE-2022-22198

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.
References
Link Resource
https://kb.juniper.net/JSA69513 Mitigation Vendor Advisory
https://kb.juniper.net/JSA69513 Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*
OR cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:46

Type Values Removed Values Added
References () https://kb.juniper.net/JSA69513 - Mitigation, Vendor Advisory () https://kb.juniper.net/JSA69513 - Mitigation, Vendor Advisory

Information

Published : 2022-04-14 16:15

Updated : 2024-11-21 06:46


NVD link : CVE-2022-22198

Mitre link : CVE-2022-22198

CVE.ORG link : CVE-2022-22198


JSON object : View

Products Affected

juniper

  • mx40
  • srx1400
  • srx240h2
  • srx300
  • srx4000
  • srx4600
  • srx3600
  • mx960
  • srx210
  • mx5
  • mx10
  • junos
  • mx104
  • srx550_hm
  • srx340
  • mx204
  • srx550
  • mx150
  • srx4200
  • srx3400
  • srx550m
  • mx10008
  • srx5000
  • mx80
  • mx2010
  • srx5800
  • srx345
  • srx1500
  • srx220
  • mx10016
  • srx650
  • srx5600
  • mx2008
  • mx10003
  • srx5400
  • mx480
  • srx100
  • srx110
  • srx320
  • srx240
  • srx380
  • mx10000
  • mx2020
  • mx240
  • srx4100
CWE
CWE-824

Access of Uninitialized Pointer