CVE-2022-22175: Improper Locking in Networks Junos OS

CWE-667: Improper Locking | 4 documents | 4 sources
Severity: 7.5 HIGH (NVD)
EPSS: 0.3% (top 46.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 19 | Latest update Jan 20

Description

An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously. This issue affects: Juniper Networks Juno

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 20.4 | 20.4R3-S1 | +3
NVD | juniper/junos | 4 versions | +3

Vulnerability Details (2)

GHSA (2022-01-20): GHSA-8whv-9rrr-8p39: An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker
CVEList (2022-01-19): Junos OS: MX Series and SRX Series: The flowd daemon will crash if the SIP ALG is enabled and specific SIP messages are processed

Vendor Advisories (1)

Juniper (2022-01-19): CVE-2022-22175: An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker