Vulnerability CVE-2022-22198 - CERT Civis.Net

Vulnerability Name:

CVE-2022-22198 (CCN-224259)

Assigned:

2021-12-21

Published:

2022-04-13

Updated:

2022-04-23

Summary:

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2022-22198

Source: XF
Type: UNKNOWN
juniper-cve202222198-dos(224259)

Source: CONFIRM
Type: Mitigation, Vendor Advisory
https://kb.juniper.net/JSA69513

Source: CCN
Type: Juniper Networks Security Bulletin JSA69513
Junos OS: MS-MPC or MS-MIC, or SPC crashes if it receives a SIP message with a specific contact header format (CVE-2022-22198)

Vulnerable Configuration:

Configuration 1:

cpe:/o:juniper:junos:20.4:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.2:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*

AND

cpe:/h:juniper:mx10:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx10000:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx10003:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx10008:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx10016:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx104:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx150:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx2008:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx2010:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx2020:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx204:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx240:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx40:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx480:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx5:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx80:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx960:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx100:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx110:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx1400:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx1500:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx210:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx220:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx240:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx240h2:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx300:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx320:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx340:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx3400:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx345:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx3600:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx380:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx4000:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx4100:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx4200:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx4600:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx5000:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx5400:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx550:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx550_hm:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx550m:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx5600:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx5800:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx650:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:juniper:junos:20.4:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.2:-:*:*:*:*:*:*

Denotes that component is vulnerable