CVSS: 7.5EPSS: 0%CPEs: 119EXPL: 0CVE-2019-0051 – SRX5000 Series: Denial of Service vulnerability in SSL-Proxy feature.
https://notcve.org/view.php?id=CVE-2019-0051
SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2. La funcionalidad proxy SSL en dispositivos SRX no puede manejar una limitación de recursos de hardware que puede ser explotada por servidores SSL/TLS remotos para bloquear el demonio flowd. • https://kb.juniper.net/JSA10973 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 146EXPL: 0CVE-2019-0052 – SRX Series: srxpfe process crash while JSF/UTM module parses specific HTTP packets
https://notcve.org/view.php?id=CVE-2019-0052
The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled. Affected releases are Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 17.3 versions on SRX Series; 17.4 versions prior to 17.4R1-S8, 17.4R2-S5, 17.4R3 on SRX Series; 18.1 versions prior to 18.1R3-S6 on SRX Series; 18.2 versions prior to 18.2R2-S1, 18.2R3 on SRX Series; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on SRX Series. El proceso srxpfe puede bloquearse en los gateways de servicios de la serie SRX cuando el módulo UTM procesa un paquete HTTP fragmentado específico. • http://www.securityfocus.com/bid/109145 https://kb.juniper.net/JSA10946 • CWE-404: Improper Resource Shutdown or Release CWE-436: Interpretation Conflict •
CVSS: 7.5EPSS: 0%CPEs: 62EXPL: 0CVE-2019-0044 – Junos OS: SRX5000 series: Kernel crash (vmcore) upon receipt of a specific packet on fxp0 interface
https://notcve.org/view.php?id=CVE-2019-0044
Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X46 versions prior to 12.1X46-D82; 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160. La recepción de un paquete específico en la interfaz de administración fuera de banda fxp0 puede hacer que el sistema se bloquee y se reinicie (vmcore). Mediante el envío continuo de un paquete especialmente creado a la interfaz fxp0, un atacante puede bloquear repetitivamente el proceso rpd y provocar una denegación de servicio (DoS) prolongada. • http://www.securityfocus.com/bid/107872 https://kb.juniper.net/JSA10936 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 344EXPL: 0CVE-2019-0043 – Junos OS: RPD process crashes upon receipt of a specific SNMP packet
https://notcve.org/view.php?id=CVE-2019-0043
In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS : 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D48 on EX/QFX series; 15.1 versions prior to 15.1R4-S9, 15.1R7-S2; 15.1F6 versions prior to 15.1F6-S11; 15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series; 15.1X54 on ACX Series; 16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S8, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3; 18.2X75 versions prior to 18.2X75-D10. En entornos MPLS, la recepción de un paquete SNMP específico puede provocar que el proceso rpd (Routing Protocol Daemon) se cierre inesperadamente y se reinicie. • https://kb.juniper.net/JSA10935 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-0033 – SRX Series: A remote attacker may cause a high CPU Denial of Service to the device when proxy ARP is configured.
https://notcve.org/view.php?id=CVE-2019-0033
A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series. Una vulnerabilidad de omisión del firewall en el servicio ARP proxy del Juniper Networks Junos OS permite a un atacante provocar una condición de denegación de servicio (DoS), debido a un alto uso de la CPU . Este problema afecta sólo a IPv4. • http://www.securityfocus.com/bid/107882 https://kb.juniper.net/JSA10922 • CWE-400: Uncontrolled Resource Consumption •