CVE-2025-30656

Summary

An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS.

This issue affects Junos OS on MX Series and SRX Series: 

  • all versions before 21.2R3-S9,
  • 21.4 versions before 21.4R3-S10,
  • 22.2 versions before 22.2R3-S6,
  • 22.4 versions before 22.4R3-S5,
  • 23.2 versions before 23.2R2-S3,
  • 23.4 versions before 23.4R2-S3,
  • 24.2 versions before 24.2R1-S2, 24.2R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 21.2R3-S9affected
Juniper NetworksJunos OS21.4 < 21.4R3-S10affected
Juniper NetworksJunos OS22.2 < 22.2R3-S6affected
Juniper NetworksJunos OS22.4 < 22.4R3-S5affected
Juniper NetworksJunos OS23.2 < 23.2R2-S3affected
Juniper NetworksJunos OS23.4 < 23.4R2-S3affected
Juniper NetworksJunos OS24.2 < 24.2R1-S2, 24.2R2affected

Weaknesses

  • CWE-167: CWE-167 Improper Handling of Additional Special Element

Workarounds

There are no known workarounds for this issue.

To reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it's by default enabled) by configuring:

[ security alg sip disable

]

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References