CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentile: 17.0%

An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.
NAT IP usage can be monitored by running the following command.
```
user@srx> show security nat resource-usage source-pool <source_pool_name>
Pool name: source_pool_name
…
Address    Factor-index    Port-range      Used     Avail    Total    Usage
X.X.X.X    0               Single Ports    50258    52342    62464    96% <<<<<
```
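
One way to turn the command above into a monitoring check, as an added example that is not part of the original advisory: it parses successive captures of the output and reports addresses whose usage stays high across consecutive polls, which is the sustained condition the advisory describes. The 90% threshold, the three-poll window, the function names and the sample pool and addresses are assumptions, as is the layout of one data row per line under the header shown above.

```python
import re
from typing import NamedTuple

class Row(NamedTuple):
    pool: str
    address: str
    port_range: str
    used: int
    avail: int
    total: int
    usage_pct: int

POOL = re.compile(r"^\s*Pool name:\s*(\S+)")
# Address, Factor-index, Port-range (free text), Used, Avail, Total, Usage%
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\D+?)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)%")

def parse(output: str) -> list[Row]:
    """Extract per-address rows from one run of the command."""
    rows, pool = [], "unknown"
    for line in output.splitlines():
        if m := POOL.match(line):
            pool = m.group(1)
        elif m := ROW.match(line):
            addr, _, rng, used, avail, total, pct = m.groups()
            rows.append(Row(pool, addr, rng, int(used), int(avail), int(total), int(pct)))
    return rows

def sustained_exhaustion(polls, threshold=90, min_polls=3):
    """(pool, address) pairs at or above threshold in each of the last min_polls polls."""
    if len(polls) < min_polls:
        return set()
    recent = [{(r.pool, r.address) for r in parse(p) if r.usage_pct >= threshold}
              for p in polls[-min_polls:]]
    return set.intersection(*recent)

def make_poll(pct_a: int, pct_b: int, total: int = 62464) -> str:
    """Constructed sample output for two addresses in a pool named pool-a."""
    out = ["Pool name: pool-a",
           "Address       Factor-index  Port-range    Used   Avail  Total  Usage"]
    for addr, pct in (("203.0.113.10", pct_a), ("203.0.113.11", pct_b)):
        used = total * pct // 100
        out.append(f"{addr}  0  Single Ports  {used}  {total - used}  {total}  {pct}%")
    return "\n".join(out)

# Constructed polls, oldest first: .10 stays high, .11 spikes and recovers.
POLLS = [make_poll(60, 20), make_poll(93, 95), make_poll(96, 30), make_poll(97, 96)]

if __name__ == "__main__":
    for pool, addr in sorted(sustained_exhaustion(POLLS)):
        print(f"ALERT pool={pool} address={addr} sustained NAT port exhaustion")
```

Requiring several consecutive high polls keeps a brief traffic spike from raising the same alert as a pool that stays exhausted.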
Juniper Networks Junos OS on MX Series and SRX Series
Vendor | Product | Version | CPE |
---|---|---|---|
juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:* |
juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:* |
juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:* |
juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:* |
juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:* |
juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:* |
juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:* |
juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:* |
juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:* |
juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:* |