"value":"To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX with:\n\n user@host> show security alg status | match sip\n SIP : Enabled\n\nPlease verify on MX whether the following is configured:\n\n [ services ... rule <rule-name> (term <term-name>) from/match application/application-set <name> ]\n\nwhere either\na. name = junos-sip or\nan application or application-set refers to SIP:\nb. [ applications application <name> application-protocol sip ] or\nc. [ applications application-set <name> application junos-sip ]"
"value":"An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1."
"value":"The following software releases have been updated to resolve this specific issue: 20.4R3, 21.1R2-S1, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases.\n"
}
],
"source":{
"advisory":"JSA69513",
"defect":[
"1612450"
],
"discovery":"USER"
},
"work_around":[
{
"lang":"eng",
"value":"There are no viable workarounds for this issue, but it should be considered to disable the SIP ALG if it's not strictly needed."
