CVSS: 8.6EPSS: 0%CPEs: 208EXPL: 0CVE-2021-0203 – Junos OS: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured
https://notcve.org/view.php?id=CVE-2021-0203
15 Jan 2021 — On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from proliferating and degrading the LAN. Note: this issue does not affect EX2200, EX3300, EX4200, and EX9200 Seri... • https://kb.juniper.net/JSA11093 • CWE-794: Incomplete Filtering of Multiple Instances of Special Elements •
CVSS: 6.5EPSS: 0%CPEs: 187EXPL: 0CVE-2020-1688 – Junos OS: SRX and NFX Series: Insufficient Web API private key protection
https://notcve.org/view.php?id=CVE-2020-1688
16 Oct 2020 — On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obta... • https://kb.juniper.net/InfoCenter/index?page=content&id=KB30911 • CWE-320: Key Management Errors CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 151EXPL: 0CVE-2020-1684 – Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Identification is enabled.
https://notcve.org/view.php?id=CVE-2020-1684
16 Oct 2020 — On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Seri... • https://kb.juniper.net/JSA11081 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 146EXPL: 0CVE-2020-1682 – Junos OS: SRX1500, vSRX, SRX4K, NFX150, NFX250: Denial of service vulnerability executing local CLI command
https://notcve.org/view.php?id=CVE-2020-1682
16 Oct 2020 — An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, NFX250, and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This... • https://kb.juniper.net/JSA11079 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 243EXPL: 0CVE-2020-1680 – Junos OS: MX Series: MS-MPC/MIC might crash when processing malformed IPv6 packet in NAT64 configuration.
https://notcve.org/view.php?id=CVE-2020-1680
16 Oct 2020 — On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. An unauthenticated attacker can continuously send crafted IPv6 packets through the device causing repetitive MS-PIC process crashes, resulting in an extended Denial of Service condition. This issue affects Juniper Networks Junos OS... • https://kb.juniper.net/JSA11077 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.3EPSS: 0%CPEs: 237EXPL: 0CVE-2020-1661 – Junos OS: jdhcpd process crash when forwarding a malformed DHCP packet.
https://notcve.org/view.php?id=CVE-2020-1661
16 Oct 2020 — On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash ... • https://kb.juniper.net/JSA11056 •
CVSS: 7.5EPSS: 0%CPEs: 97EXPL: 0CVE-2020-1657 – Junos OS: SRX Series: An attacker sending spoofed packets to IPSec peers may cause a Denial of Service.
https://notcve.org/view.php?id=CVE-2020-1657
16 Oct 2020 — On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 1... • https://kb.juniper.net/JSA11050 • CWE-408: Incorrect Behavior Order: Early Amplification •
CVSS: 8.8EPSS: 0%CPEs: 326EXPL: 0CVE-2020-1656 – Junos OS: When a DHCPv6 Relay-Agent is configured upon receipt of a specific DHCPv6 client message, Remote Code Execution may occur.
https://notcve.org/view.php?id=CVE-2020-1656
16 Oct 2020 — The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices... • https://kb.juniper.net/JSA11049 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 250EXPL: 0CVE-2020-1643 – Junos OS: EX Series: RPD crash when executing specific "show ospf interface" commands from the CLI with OSPF authentication configured
https://notcve.org/view.php?id=CVE-2020-1643
17 Jul 2020 — Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Note: Only systems utilizing ARM processors, found on the EX2300 and EX3400, ... • https://kb.juniper.net/JSA11030 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 278EXPL: 0CVE-2020-1641 – Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash.
https://notcve.org/view.php?id=CVE-2020-1641
17 Jul 2020 — A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show log messages |... • https://kb.juniper.net/JSA11027 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •