1. Home
  2. CVE Database
  3. CVE-2022-22198
HIGH · 7.5

CVE-2022-22198

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of t...

Vulnerability Description

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
JuniperJunos20.4
JuniperMx10-
JuniperMx10000-
JuniperMx10003-
JuniperMx10008-
JuniperMx10016-
JuniperMx104-
JuniperMx150-
JuniperMx2008-
JuniperMx2010-
JuniperMx2020-
JuniperMx204-
JuniperMx240-
JuniperMx40-
JuniperMx480-
JuniperMx5-
JuniperMx80-
JuniperMx960-
JuniperSrx100-
JuniperSrx110-

Related Weaknesses (CWE)

CWE-824

References

FAQ

What is CVE-2022-22198?

CVE-2022-22198 is a vulnerability with a CVSS score of 7.5 (HIGH). An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of t...

How severe is CVE-2022-22198?

CVE-2022-22198 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22198?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Mx10, Juniper Mx10000, Juniper Mx10003, Juniper Mx10008.