Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Junos SIP ALG Denial of Service Vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
DoS on SRX devices when SIP ALG is enabled
Insight
Insight
On SRX Series devices, when SIP ALG is enabled, a certain crafted SIP packet may cause the flowd process to crash. SIP ALG is enabled by default on SRX Series devices except for SRX-HE devices. SRX-HE devices have SIP ALG disabled by default. The status of ALGs can beobtained by executing the 'show security alg status' CLI command.
Affected Software
Affected Software
Junos OS 12.1X46 and 12.1X47
Detection Method
Detection Method
Checks if a vulnerable OS build is present on the target host.
Solution
Solution
New builds of Junos OS software are available from Juniper. As a workaround disable SIP ALG or enable flow-based processing for IPv6 traffic.