CVE-2019-0055
HIGHJuniper Junos OS - Denial of Service via SIP ALG Packet Processing
Title source: llmDescription
A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://kb.juniper.net/JSA10953
Vendor Advisory mailing-list
x_refsource_mlist
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html
Scores
CVSS v3
7.5
EPSS
0.0135
EPSS Percentile
67.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-130
Status
published
Products (4)
juniper/junos
12.3x48 d10 (10 CPE variants)
juniper/junos
15.1x49 (18 CPE variants)
juniper/junos
17.3 (4 CPE variants)
juniper/junos
17.4 (7 CPE variants)
Published
Oct 09, 2019
Tracked Since
Feb 18, 2026