CVE-2024-21598 – Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash
https://notcve.org/view.php?id=CVE-2024-21598
An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO; This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO. This is a related but separate issue than the one described in JSA79095. Una validación inadecuada de la vulnerabilidad de corrección sintáctica de entrada en el daemon de protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante no autenticado basado en red provoque una denegación de servicio (DoS). Si se recibe una actualización de BGP a través de una sesión BGP establecida que contiene un atributo de encapsulación de túnel con un TLV específicamente mal formado, rpd fallará y se reiniciará. Este problema afecta a Juniper Networks Junos OS: * 20.4 versiones 20.4R1 y versiones posteriores anteriores a 20.4R3-S9; * Versiones 21.2 anteriores a 21.2R3-S7; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R3; * Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versiones 20.4R1-EVO y versiones posteriores anteriores a 20.4R3-S9-EVO; * Versiones 21.2-EVO anteriores a 21.2R3-S7-EVO; * Versiones 21.3-EVO anteriores a 21.3R3-S5-EVO; * Versiones 21.4-EVO anteriores a 21.4R3-S5-EVO; * Versiones 22.1-EVO anteriores a 22.1R3-S4-EVO; * Versiones 22.2-EVO anteriores a 22.2R3-S3-EVO; * Versiones 22.3-EVO anteriores a 22.3R3-S1-EVO; * Versiones 22.4-EVO anteriores a 22.4R3-EVO; * Versiones 23.2-EVO anteriores a 23.2R1-S2-EVO, 23.2R2-EVO; Este problema no afecta a Juniper Networks * versiones de Junos OS anteriores a 20.4R1; * Versiones de Junos OS Evolved anteriores a 20.4R1-EVO. Este es un problema relacionado pero independiente del descrito en JSA79095. • http://supportportal.juniper.net/JSA75739 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVE-2024-21590 – Junos OS Evolved: Packets which are not destined to the device can reach the RE
https://notcve.org/view.php?id=CVE-2024-21590
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO. Una vulnerabilidad de validación de entrada incorrecta en Juniper Tunnel Driver (jtd) y el módulo ICMP de Juniper Networks Junos OS Evolved permite a un atacante no autenticado dentro del dominio administrativo MPLS enviar paquetes específicamente manipulados al motor de enrutamiento (RE) para provocar una denegación de servicio (DoS). ). Cuando el motor de reenvío de paquetes (PFE) recibe paquetes MPLS IPv4 de tránsito específicamente manipulados, estos paquetes se reenvían internamente al RE. La recepción continua de estos paquetes puede crear una condición sostenida de Denegación de Servicio (DoS). • https://supportportal.juniper.net/JSA75728 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N • CWE-20: Improper Input Validation •
CVE-2024-21612 – Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE
https://notcve.org/view.php?id=CVE-2024-21612
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO ; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO ; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO. Una vulnerabilidad de manejo inadecuado de una estructura sintácticamente no válida en el servicio Object Flooding Protocol (OFP) de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegación de servicio (DoS). En todas las plataformas Junos OS Evolved, cuando se reciben paquetes TCP específicos en un puerto OFP abierto, el OFP falla y se reinicia el Routine Engine (RE). La recepción continua de estos paquetes TCP específicos dará lugar a una condición sostenida de Denegación de Servicio (DoS). • https://supportportal.juniper.net/JSA75753 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-228: Improper Handling of Syntactically Invalid Structure •
CVE-2024-21604 – Junos OS Evolved: A high rate of specific traffic will cause a complete system outage
https://notcve.org/view.php?id=CVE-2024-21604
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring. The following log messages can be seen when this issue occurs: <host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet This issue affects Juniper Networks Junos OS Evolved: * All versions earlier than 20.4R3-S7-EVO; * 21.2R1-EVO and later versions; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S2-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO; * 22.4-EVO versions earlier than 22.4R2-EVO. Una vulnerabilidad de asignación de recursos sin límites ni limitación en el kernel de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegación de servicio (DoS). Si el motor de enrutamiento (RE) procesa una alta tasa de paquetes válidos específicos, esto provocará una pérdida de conectividad del RE con otros componentes del chasis y, por lo tanto, una interrupción completa y persistente del sistema. Tenga en cuenta que un filtro de firewall lo0 cuidadosamente diseñado bloqueará o limitará estos paquetes, lo que debería evitar que ocurra este problema. • https://supportportal.juniper.net/JSA75745 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-44201 – Junos OS and Junos OS Evolved: A local attacker can retrieve sensitive information and elevate privileges on the device to an authorized user.
https://notcve.org/view.php?id=CVE-2023-44201
An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO. Una vulnerabilidad de asignación de permisos incorrecta para recursos críticos en un archivo específico de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante autenticado local leer cambios de configuración sin tener los permisos. Cuando un usuario con los permisos respectivos realiza un cambio de configuración, se crea un archivo específico. • https://supprtportal.juniper.net/JSA73167 • CWE-732: Incorrect Permission Assignment for Critical Resource •