{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-52960","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2025-06-23T13:17:37.424Z","datePublished":"2025-10-09T15:40:20.193Z","dateUpdated":"2025-12-01T08:41:51.806Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["SRX Series","MX Series"],"product":"Junos OS","vendor":"Juniper Networks","versions":[{"lessThan":"22.4R3-S7","status":"affected","version":"0","versionType":"semver"},{"lessThan":"23.2R2-S4","status":"affected","version":"23.2","versionType":"semver"},{"lessThan":"23.4R2-S5","status":"affected","version":"23.4","versionType":"semver"},{"lessThan":"24.2R2","status":"affected","version":"24.2","versionType":"semver"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.</p><p>Please verify on SRX, and MX with SPC3 with:</p><code>user@host&gt; show security alg status | match sip</code><b><br></b><code>SIP : Enabled</code><b><p><br></p></b><p>Please verify on MX whether the following is configured:</p><code>[services ... rule &lt;rule-name&gt; (term &lt;term-name&gt; ) from/match application/application-set &lt;name&gt;]</code><p>where either</p><code>a. name = junos-sip</code><p>or an application or application-set refers to SIP:</p><code>b. [applications application &lt;name&gt; application-protocol sip]</code><p>or</p><code>c. [applications application-set &lt;name&gt; application junos-sip]</code><br>"}],"value":"To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\n\nPlease verify on SRX, and MX with SPC3 with:\n\nuser@host> show security alg status | match sip\nSIP : Enabled\n\n\nPlease verify on MX whether the following is configured:\n\n[services ... 
rule <rule-name> (term <term-name> ) from/match application/application-set <name>]\n\nwhere either\n\na. name = junos-sip\n\nor an application or application-set refers to SIP:\n\nb. [applications application <name> application-protocol sip]\n\nor\n\nc. [applications application-set <name> application junos-sip]"}],"datePublic":"2025-10-08T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).<br><br>When memory utilization is high, and specific <span style=\"background-color: rgb(255, 255, 255);\">SIP&nbsp;</span>packets are received, flowd/mspmand crashes. While the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attacker's control, so they would not be able to deterministically exploit this.<br><p>This issue affects Junos OS on SRX Series and MX Series:&nbsp;<br></p><ul><li>All versions before 22.4R3-S7,</li><li>from 23.2 before 23.2R2-S4, </li><li>from 23.4 before 23.4R2-S5, </li><li>from 24.2 before 24.2R2.</li></ul>"}],"value":"A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nWhen memory utilization is high, and specific SIP packets are received, flowd/mspmand crashes. While the system recovers automatically, the disruption can significantly impact service stability. 
Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attacker's control, so they would not be able to deterministically exploit this.\nThis issue affects Junos OS on SRX Series and MX Series: \n\n\n  *  All versions before 22.4R3-S7,\n  *  from 23.2 before 23.2R2-S4, \n  *  from 23.4 before 23.4R2-S5, \n  *  from 24.2 before 24.2R2."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"YES","Recovery":"AUTOMATIC","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":8.2,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-120","description":"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2025-12-01T08:41:51.806Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA103143"},{"tags":["vendor-advisory"],"url":"https://kb.juniper.net/JSA103143"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The following software releases have been updated to resolve this specific issue: 22.4R3-S7, 23.2R2-S4, 23.4R2-S5, 24.2R2, 24.4R1, and all subsequent releases.<br>"}],"value":"The following software releases have been updated to resolve this specific issue: 22.4R3-S7, 23.2R2-S4, 23.4R2-S5, 24.2R2, 24.4R1, and all subsequent releases."}],"source":{"advisory":"JSA103143","defect":["1819450"],"discovery":"USER"},"title":"Junos OS: SRX Series and MX Series: Receipt of specific SIP packets in a high utilization situation causes a flowd/mspmand crash","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"There are no known workarounds for this issue.<br><br><span style=\"background-color: rgb(255, 255, 255);\">To reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it's by default enabled) by configuring:</span><br><br><tt>[ security alg sip disable ]</tt><br>"}],"value":"There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it's by default enabled) by configuring:\n\n[ security alg sip disable ]"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-09T19:43:33.225187Z","id":"CVE-2025-52960","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP 
Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-09T19:49:40.595Z"}}]}}