CVE-2026-21905
Juniper · Juniper Networks Junos OS
Executive summary
A high-severity vulnerability has been identified in Juniper Networks Junos OS that affects SRX and MX Series devices. An unauthenticated attacker can remotely send specific network traffic that causes a critical process to crash, resulting in a complete denial of service (DoS) and disrupting all network traffic passing through the affected device.
Vulnerability
This vulnerability is an infinite-loop flaw in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) component. An unauthenticated, network-based attacker can exploit it by sending a specially crafted sequence of SIP messages over TCP to a vulnerable device. The SIP ALG fails to handle these messages correctly, causing the flow management process (flowd) to enter an infinite loop that consumes excessive CPU resources and ultimately leads to a process crash and a Denial of Service condition for the entire device.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation of this flaw will result in a Denial of Service (DoS), causing a complete outage of network traffic processed by the affected SRX or MX Series device. The business impact includes significant operational disruption, unavailability of critical services (such as VoIP, internet access, or internal routing), potential financial loss due to downtime, and damage to the organization's reputation. The attack does not require authentication and can be launched remotely, which increases the risk profile.
Remediation
Immediate Action: Apply the security updates provided by Juniper Networks to all affected devices immediately. Prioritize patching for internet-facing devices and critical infrastructure components to mitigate the risk of external attack.
Proactive Monitoring: Monitor network traffic for unusual or malformed SIP messages, particularly over TCP. System administrators should monitor CPU and memory utilization on the flow management process (flowd) on SRX and MX devices for abnormal spikes. Review system logs for entries related to SIP ALG errors or flowd process crashes.
Compensating Controls: If patching cannot be performed immediately, consider implementing the following controls:
- Disable the SIP ALG on the device if it is not required for business operations.
- Implement strict firewall rules or Access Control Lists (ACLs) to restrict SIP traffic from untrusted IP addresses to the affected devices.
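As an added illustration that is not part of this advisory or Juniper's own documentation, the two compensating controls and the monitoring checks above expressed as Junos configuration and operational commands for an SRX device. The filter name, the interface ge-0/0/0 and the trusted prefix 192.0.2.0/24 are placeholder assumptions; lines beginning with ## are annotations for the reader, and MX Series ALG and filter syntax should be confirmed against vendor documentation before use.

```junos
## Compensating control 1: disable the SIP ALG when it is not needed (SRX syntax).
## Assumption: SIP sessions here do not rely on ALG-assisted NAT traversal or pinholing.
set security alg sip disable

## Compensating control 2: only accept SIP signalling over TCP from trusted sources.
## 192.0.2.0/24 is a constructed placeholder for the trusted SIP trunk / PBX range.
set firewall family inet filter RESTRICT-SIP term trusted-sip from source-address 192.0.2.0/24
set firewall family inet filter RESTRICT-SIP term trusted-sip from protocol tcp
set firewall family inet filter RESTRICT-SIP term trusted-sip from destination-port 5060
set firewall family inet filter RESTRICT-SIP term trusted-sip then accept
## Log and drop SIP-over-TCP from everyone else (add a UDP 5060 term the same way if required).
set firewall family inet filter RESTRICT-SIP term untrusted-sip from protocol tcp
set firewall family inet filter RESTRICT-SIP term untrusted-sip from destination-port 5060
set firewall family inet filter RESTRICT-SIP term untrusted-sip then syslog
set firewall family inet filter RESTRICT-SIP term untrusted-sip then discard
## Everything else passes on to the normal security policies.
set firewall family inet filter RESTRICT-SIP term allow-rest then accept
## Apply the stateless filter inbound on the untrusted-facing interface (placeholder name).
set interfaces ge-0/0/0 unit 0 family inet filter input RESTRICT-SIP
commit comment "CVE-2026-21905 compensating controls"

## Verification and ongoing monitoring (run from configuration mode via "run"):
## confirm the ALG state, watch flowd CPU usage, and look for flowd restarts or SIP ALG errors.
run show security alg status
run show system processes extensive | match flowd
run show log messages | match "flowd|sip"
```

Remove the filter and re-enable the ALG once the vendor patch has been applied and SIP traffic has been validated end to end.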
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the high severity (CVSS 7.5) and the potential for significant business disruption, it is strongly recommended that organizations prioritize the immediate application of vendor-supplied patches. Although this CVE is not currently listed on the CISA KEV catalog, its ability to be exploited by an unauthenticated remote attacker makes it a critical threat. Organizations should identify all vulnerable Juniper devices in their environment and proceed with the remediation plan without delay.