Page 12 of 69 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 80EXPL: 0

An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later; * 21.2-EVO versions prior to 21.2R3-S6-EVO; * 21.3-EVO version 21.3R1-EVO and later; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-S4-EVO; * 22.2-EVO versions prior to 22.2R3-S3-EVO; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R2-EVO. Una Verificación Inadecuada de Condiciones Inusuales o Excepcionales en Packet Forwarding Engine (pfe) de Juniper Networks Junos OS Evolved en la serie PTX10003 permite que un atacante adyacente no autenticado cause un impacto en la integridad del sistema. Cuando el PFE recibe paquetes MPLS de tránsito específicos, estos paquetes se reenvían internamente al RE. Este problema es un requisito previo para CVE-2023-44195. • https://supportportal.juniper.net/JSA73162 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access. CVE-2023-44196 is a prerequisite for this issue. This issue affects Juniper Networks Junos OS Evolved: * 21.3-EVO versions prior to 21.3R3-S5-EVO; * 21.4-EVO versions prior to 21.4R3-S4-EVO; * 22.1-EVO version 22.1R1-EVO and later; * 22.2-EVO version 22.2R1-EVO and later; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4-EVO versions prior to 22.4R3-EVO. This issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO. Una vulnerabilidad de Restricción Inadecuada del Canal de Comunicación a los Endpoints Previstos en el daemon del agente NetworkStack (nsagentd) de Juniper Networks Junos OS Evolved permite que un atacante basado en red no autenticado cause un impacto limitado en la disponibilidad del sistema. Si paquetes específicos llegan al Routing-Engine (RE), se procesarán normalmente incluso si existen filtros de firewall que deberían haberlo impedido. Esto puede provocar un consumo mayor y limitado de recursos, lo que resulta en una Denegación de Servicio (DoS) y un acceso no autorizado. • https://supportportal.juniper.net/JSA73160 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •

CVSS: 6.5EPSS: 0%CPEs: 109EXPL: 0

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO. An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command: mgd process example: user@device-re#> show system processes extensive | match "mgd|PID" | except last PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage. Example to check for NETCONF activity: While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'" For example: mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf' Una vulnerabilidad de restricción inadecuada de operaciones dentro de los límites de un búfer de memoria en el proceso del Management Daemon (mgd) de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante con pocos privilegios autenticado basado en red, ejecutando un comando específico a través de NETCONF, para provocar una Denegación de Servicio (DoS) de la CPU en el plano de control del dispositivo. Este problema afecta a: Juniper Networks Junos OS * Todas las versiones anteriores a 20.4R3-S7; * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S2; * Versiones 22.2 anteriores a 22.2R3; * Versiones 22.3 anteriores a 22.3R2-S1, 22.3R3; * Versiones 22.4 anteriores a 22.4R1-S2, 22.4R2. Juniper Networks Junos OS Evolved * Todas las versiones anteriores a 21.4R3-S4-EVO; * Versiones 22.1 anteriores a 22.1R3-S2-EVO; * Versiones 22.2 anteriores a 22.2R3-EVO; * Versiones 22.3 anteriores a 22.3R3-EVO; * Versiones 22.4 anteriores a 22.4R2-EVO. Se puede ver un indicador de compromiso determinando primero si el cliente NETCONF ha iniciado sesión y no logra cerrar sesión después de un período de tiempo razonable y, en segundo lugar, revisando el porcentaje de WCPU para el proceso mgd ejecutando el siguiente comando: mgd process example: user@device-re#&gt; show system processes extensive | match "mgd|PID" | excepto el último PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd &lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt; revise el alto porcentaje de CPU. Ejemplo para comprobar la actividad de NETCONF: si bien no existe un comando específico que muestre una sesión específica en uso para NETCONF, puede revisar los registros de UI_LOG_EVENT con "client-mode 'netconf'". • https://supportportal.juniper.net/JSA73147 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 151EXPL: 0

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1; * 23.2 versions prior to 23.2R2. Una vulnerabilidad de desbordamiento de búfer en el comando CLI de Juniper Networks Junos OS permite a un atacante con pocos privilegios ejecutar comandos CLI específicos que conducen a una Denegación de Servicio. Las acciones repetidas del atacante crearán una condición sostenida de Denegación de Servicio (DoS). Este problema afecta a Juniper Networks: Junos OS * Todas las versiones anteriores a 19.1R3-S10; * Versiones 19.2 anteriores a 19.2R3-S7; * Versiones 19.3 anteriores a 19.3R3-S8; * Versiones 19.4 anteriores a 19.4R3-S12; * Versiones 20.2 anteriores a 20.2R3-S8; * Versiones 20.4 anteriores a 20.4R3-S8; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R2-S1; * Versiones 23.2 anteriores a 23.2R2. • https://supportportal.juniper.net/JSA73140 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 150EXPL: 0

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Una vulnerabilidad de desbordamiento de búfer en el comando CLI de Juniper Networks Junos OS permite a un atacante con pocos privilegios ejecutar comandos CLI específicos que conducen a una Denegación de Servicio. Las acciones repetidas del atacante crearán una condición sostenida de Denegación de Servicio (DoS). Este problema afecta a Juniper Networks: Junos OS: * Todas las versiones anteriores a 20.4R3-S8; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.3 anteriores a 22.3R3; * Versiones 22.4 anteriores a 22.4R3. • https://supportportal.juniper.net/JSA73140 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •