CVE-2025-52960 (GCVE-0-2025-52960)
Vulnerability from cvelistv5
Published: 2025-10-09 15:40
Modified: 2025-10-09 19:49
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When memory utilization is high and specific SIP packets are received, flowd crashes. While the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attacker's control, so they would not be able to deterministically exploit this.
This issue affects Junos OS on SRX Series and MX Series:
* All versions before 22.4R3-S7,
* from 23.2 before 23.2R2-S4,
* from 23.4 before 23.4R2-S5,
* from 24.2 before 24.2R2.
References
Impacted products
Vendor | Product | Version
---|---|---
Juniper Networks | Junos OS | Version: 0 ≤; Version: 23.2 ≤; Version: 23.4 ≤; Version: 24.2 ≤