Page 11 of 70 results (0.013 seconds)

CVSS: 8.7EPSS: 0%CPEs: 9EXPL: 0

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command:   root@srx> show system processes extensive | match pkid   xxxxx  root  103  0  846M  136M  CPU1  1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S10; * 21.2 versions prior to 21.2R3-S7; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2. Una vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales en el daemon de infraestructura de clave pública (pkid) de Juniper Networks Junos OS permite que un atacante en red no autenticado provoque una denegación de servicio (DoS). El pkid es responsable de la verificación del certificado. • https://supportportal.juniper.net/JSA79179 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: * All versions before 20.4R3-S7, * 21.1 versions before 21.1R3,  * 21.2 versions before 21.2R2-S1, 21.2R3,  * 21.3 versions before 21.3R1-S2, 21.3R2. Una vulnerabilidad de autenticación faltante para función crítica en el motor de reenvío de paquetes (pfe) de Juniper Networks Junos OS en la serie MX con SPC3 y la serie SRX permite que un atacante basado en red no autenticado cause un impacto limitado en la integridad o disponibilidad del dispositivo. Si un dispositivo está configurado con el algoritmo de autenticación IPsec hmac-sha-384 o hmac-sha-512, los túneles se establecen normalmente, pero para el tráfico que atraviesa el túnel no se envía información de autenticación con los datos cifrados en la salida y no se espera información de autenticación en ingreso. • http://supportportal.juniper.net/JSA79188 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N • CWE-306: Missing Authentication for Critical Function •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1. Una vulnerabilidad de orden de comportamiento incorrecto en el motor de reenvío de paquetes (PFE) de Juniper Networks Junos OS en la serie EX4300 permite que un atacante basado en red no autenticado cause un impacto en la integridad de las redes posteriores al dispositivo vulnerable. Cuando se aplica un filtro de firewall de salida a una interfaz, no reconoce los paquetes coincidentes pero permite cualquier tráfico. Este problema afecta a las versiones Junos OS 21.4 desde 21.4R1 anteriores a 21.4R3-S6. Este problema no afecta a las versiones de Junos OS anteriores a la 21.4R1. • http://supportportal.juniper.net/JSA79185 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N • CWE-696: Incorrect Behavior Order •

CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control. This issue affects: Junos OS:  * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3,, * 22.4 versions before 22.4R2; Junos OS Evolved:  * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO,  * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO. Una vulnerabilidad de Use-After-Free en el daemon de aprendizaje de direcciones de capa 2 (l2ald) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque que l2ald falle, lo que provoca una denegación de servicio (DoS). En un escenario EVPN-VXLAN, cuando el sistema afectado recibe y procesa actualizaciones de estado, no se garantiza el orden correcto de algunos pasos de procesamiento, lo que puede provocar un bloqueo y reinicio de l2ald. Que se produzca el fallo depende de la sincronización interna del sistema, que está fuera del control de los atacantes. • http://supportportal.juniper.net/JSA79184 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-416: Use After Free •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers.  This issue affects Junos OS:  All versions before 20.4R3-S10, 21.2 versions before 21.2R3-S7, 21.4 versions before 21.4R3-S6. Una verificación inadecuada de la vulnerabilidad de condiciones inusuales o excepcionales en el motor de reenvío de paquetes (PFE) de Juniper Networks Junos OS en la serie EX4300 permite que un atacante autenticado localmente con privilegios bajos provoque una denegación de servicio (DOS). Si se emite un comando CLI específico, se producirá un bloqueo de PFE. Esto provocará que el reenvío de tráfico se interrumpa hasta que el sistema se recupere automáticamente. • http://supportportal.juniper.net/JSA79186 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-754: Improper Check for Unusual or Exceptional Conditions •