CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 0CVE-2022-22171 – Junos OS: Specific packets over VXLAN cause FPC reset
https://notcve.org/view.php?id=CVE-2022-22171
19 Jan 2022 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versi... • https://kb.juniper.net/JSA11277 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 0CVE-2022-22170 – Junos OS: Specific packets over VXLAN cause FPC memory leak and ultimately reset
https://notcve.org/view.php?id=CVE-2022-22170
19 Jan 2022 — A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and on exhaustion the PFE to reset. The heap memory utilization can be monitored with the command: user@host> show chassis fpc This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 ve... • https://kb.juniper.net/JSA11277 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.9EPSS: 0%CPEs: 215EXPL: 0CVE-2022-22169 – Junos OS and Junos OS Evolved: OSPFv3 session might go into INIT state upon receipt of multiple crafted packets from a trusted neighbor device.
https://notcve.org/view.php?id=CVE-2022-22169
19 Jan 2022 — An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causing a Denial of Service (DoS). Unexpectedly entering GR helper mode might cause the OSPFv3 neighbor adjacency formed on this interface to be stuck in the "INIT" s... • https://kb.juniper.net/JSA11276 • CWE-665: Improper Initialization •
CVSS: 6.5EPSS: 0%CPEs: 84EXPL: 0CVE-2022-22168 – Junos OS: vMX and MX150: Specific packets might cause a memory leak and eventually an FPC reboot
https://notcve.org/view.php?id=CVE-2022-22168
19 Jan 2022 — An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to an FPC reboot and thereby a Denial of Service (DoS). This issue affects: Juniper Networks Junos OS on vMX and MX150: All versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prio... • https://kb.juniper.net/JSA11275 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 9.8EPSS: 0%CPEs: 160EXPL: 0CVE-2022-22167 – Junos OS: SRX Series: If no-syn-check is enabled, traffic classified as UNKNOWN gets permitted by pre-id-default-policy
https://notcve.org/view.php?id=CVE-2022-22167
19 Jan 2022 — A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. While JDPI correctly classifies out-of-state asymmetric TCP flows as the dynamic-application UNKNOWN, this classification is not provided to the policy module properly and hence traffic continues to use the pre-id-default-policy, which is ... • https://kb.juniper.net/JSA11265 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-22166 – Junos OS: An rpd core will occur if BGP update tracing is configured and an update containing a malformed BGP SR-TE policy tunnel attribute is received
https://notcve.org/view.php?id=CVE-2022-22166
19 Jan 2022 — An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. Thi... • https://kb.juniper.net/JSA11274 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.4EPSS: 0%CPEs: 173EXPL: 0CVE-2022-22163 – Junos OS: jdhcpd crashes upon receipt of a specific DHCPv6 packet
https://notcve.org/view.php?id=CVE-2022-22163
19 Jan 2022 — An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If a device is configured as DHCPv6 local server and persistent storage is enabled, jdhcpd will crash when receiving a specific DHCPv6 message. This issue affects: Juniper Networks Junos OS All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19... • https://kb.juniper.net/JSA11271 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 204EXPL: 0CVE-2022-22162 – Junos OS: A low privileged user can elevate their privileges to the ones of the highest privileged j-web user logged in
https://notcve.org/view.php?id=CVE-2022-22162
19 Jan 2022 — A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device. This issue affects Juniper Networks Junos OS: All versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R... • https://kb.juniper.net/JSA11270 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 1%CPEs: 144EXPL: 0CVE-2022-22161 – Junos OS: MX104 might become unresponsive if the out-of-band management port receives a flood of traffic
https://notcve.org/view.php?id=CVE-2022-22161
19 Jan 2022 — An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself. An indication that the system is affected by this issue would be that an irq handled... • https://kb.juniper.net/JSA11269 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 381EXPL: 0CVE-2022-22160 – Junos OS: MX Series: The bbe-smgd process crashes if an unsupported configuration exists and a PPPoE client sends a specific message
https://notcve.org/view.php?id=CVE-2022-22160
19 Jan 2022 — An Unchecked Error Condition vulnerability in the subscriber management daemon (smgd) of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to cause a crash of and thereby a Denial of Service (DoS). In a subscriber management / broadband edge environment if a single session group configuration contains dual-stack and a pp0 interface, smgd will crash and restart every time a PPPoE client sends a specific message. This issue affects Juniper Networks Junos OS on MX Series: 16.1 version 16.1R... • https://kb.juniper.net/JSA11268 • CWE-391: Unchecked Error Condition •