CVSS: 6.5EPSS: 0%CPEs: 219EXPL: 0CVE-2021-0291 – Junos OS and Junos OS Evolved: A vulnerability allows a network based unauthenticated attacker which sends a high rate of specific traffic to cause a partial Denial of Service
https://notcve.org/view.php?id=CVE-2021-0291
15 Jul 2021 — An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on th... • https://kb.juniper.net/JSA11193 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 222EXPL: 0CVE-2021-0290 – Junos OS: MX Series, EX9200 Series, SRX4600: Ethernet interface vulnerable to specially crafted frames
https://notcve.org/view.php?id=CVE-2021-0290
15 Jul 2021 — Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment, causing the interface to go into a down state, resulting in a Denial of Service (DoS) condition. The interface does not recover on its own and the FPC must be reset manually. Continued receipt and processing of these frames will create a sustained Denial of Service (DoS) condition. This issue is platform-specific ... • https://kb.juniper.net/JSA11192 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 359EXPL: 0CVE-2021-0289 – Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted
https://notcve.org/view.php?id=CVE-2021-0289
15 Jul 2021 — When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show inte... • https://kb.juniper.net/JSA11191 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 227EXPL: 0CVE-2021-0288 – Junos OS: MX Series, EX9200 Series: FPC may crash upon receipt of specific MPLS packet affecting Trio-based MPCs
https://notcve.org/view.php?id=CVE-2021-0288
15 Jul 2021 — A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition. Continued receipt of this packet will sustain the Denial of Service (DoS) condition. This issue only affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17... • https://kb.juniper.net/JSA11190 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 255EXPL: 0CVE-2021-0285 – Junos OS: QFX5000 Series and EX4600 Series: Continuous traffic destined to a device configured with MC-LAG leading to nodes losing their control connection which can impact traffic
https://notcve.org/view.php?id=CVE-2021-0285
15 Jul 2021 — An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading to an unstable control connection between the Multi-Chassis Link Aggregation Group (MC-LAG) nodes which can in turn lead to traffic loss. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) co... • https://kb.juniper.net/JSA11187 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 341EXPL: 0CVE-2021-0283 – Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore)
https://notcve.org/view.php?id=CVE-2021-0283
15 Jul 2021 — A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: "eventd[13955]: SYSTEM_ABNORMAL_SH... • https://kb.juniper.net/JSA11200 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 207EXPL: 0CVE-2021-0282 – Junos OS: RPD crash while processing a specific BGP UPDATE when Multipath or add-path features are enabled
https://notcve.org/view.php?id=CVE-2021-0282
15 Jul 2021 — On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create a sustained Denial of Service (DoS) condition. This BGP UPDATE message can propagate to other BGP peers with vulnerable Junos versions on which Multipath or add-path feature is enabled, and cause RPD to crash and restart. This issue ... • https://kb.juniper.net/JSA11186 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 203EXPL: 0CVE-2021-0281 – Junos OS and Junos OS Evolved: Specific packets can trigger rpd crash when BGP Origin Validation is configured with RPKI
https://notcve.org/view.php?id=CVE-2021-0281
15 Jul 2021 — On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1... • https://kb.juniper.net/JSA11185 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 263EXPL: 0CVE-2021-0277 – Junos OS and Junos OS Evolved: LLDP Out-of-Bounds Read vulnerability in l2cpd
https://notcve.org/view.php?id=CVE-2021-0277
15 Jul 2021 — An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt and processing of these frames, sent from the local broadcast domain, will repeatedly crash the l2cpd process and sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: ... • https://kb.juniper.net/JSA11181 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 319EXPL: 0CVE-2021-0275 – Junos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another users session.
https://notcve.org/view.php?id=CVE-2021-0275
22 Apr 2021 — A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 vers... • https://kb.juniper.net/JSA11166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •