CVSS: 6.5EPSS: 0%CPEs: 168EXPL: 0CVE-2021-0214 – Junos OS: Denial of Service in ppmd upon receipt of malformed packet
https://notcve.org/view.php?id=CVE-2021-0214
22 Apr 2021 — A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Juniper Networks Junos OS may cause receipt of a malformed packet to crash and restart the PPMD process, leading to network destabilization, service interruption, and a Denial of Service (DoS) condition. Continued receipt and processing of these malformed packets will repeatedly crash the PPMD process and sustain the Denial of Service (DoS) condition. Due to the nature of the specifically crafted packet, exploitati... • https://kb.juniper.net/JSA11117 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 197EXPL: 0CVE-2021-0223 – Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries
https://notcve.org/view.php?id=CVE-2021-0223
15 Jan 2021 — A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 v... • https://kb.juniper.net/JSA11114 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.4EPSS: 0%CPEs: 285EXPL: 0CVE-2021-0222 – Junos OS: Upon receipt of certain protocol packets with invalid payloads a self-propagating Denial of Service may occur.
https://notcve.org/view.php?id=CVE-2021-0222
15 Jan 2021 — A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets, which should be discarded, are instead replicated and sent to the RE. Over time, a Denial of Service (DoS) occurs. Continued receipt of these crafted protocol packets will cause an extended Denial of Service (DoS) condition, which may cause wider traffic impact due to pr... • https://kb.juniper.net/JSA11094 • CWE-16: Configuration •
CVSS: 6.5EPSS: 0%CPEs: 145EXPL: 0CVE-2021-0221 – Junos OS: QFX Series: Traffic loop Denial of Service (DoS) upon receipt of specific IP multicast traffic
https://notcve.org/view.php?id=CVE-2021-0221
15 Jan 2021 — In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be used to monitor the interface traffic: user@junos> monitor interface traffic Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 6492089274364 (70... • https://kb.juniper.net/JSA11111 • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.2EPSS: 0%CPEs: 157EXPL: 0CVE-2021-0219 – Junos OS: Command injection vulnerability in 'request system software' CLI command
https://notcve.org/view.php?id=CVE-2021-0219
15 Jan 2021 — A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command 'request system software add validate-on-host' via the CLI. An attacker with access to this CLI command may be able to exploit this vulnerability. This issue affects Juniper Networks Junos OS: all versions prior to... • https://kb.juniper.net/JSA11109 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 142EXPL: 0CVE-2021-0218 – Junos OS: Command injection vulnerability in license-check daemon
https://notcve.org/view.php?id=CVE-2021-0218
15 Jan 2021 — A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. An attacker with access to this CLI command may be able to exploit the vulnerability. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 1... • https://kb.juniper.net/JSA11108 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.4EPSS: 0%CPEs: 73EXPL: 1CVE-2021-0217 – Junos OS: EX Series and QFX Series: Memory leak issue processing specific DHCP packets
https://notcve.org/view.php?id=CVE-2021-0217
15 Jan 2021 — A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or to crashing of the fxpc process. When Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored thro... • https://kb.juniper.net/JSA11107 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 221EXPL: 1CVE-2021-0215 – Junos OS: EX Series, QFX Series, SRX Branch Series, MX Series: Memory leak in packet forwarding engine due to 802.1X authenticator port interface flaps
https://notcve.org/view.php?id=CVE-2021-0215
15 Jan 2021 — On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An administrator can use the following CLI command to monitor the status of memory consumption: user@device> show task memory detail Please refer to https://kb.juniper.net/KB31522 for details. This issue affects Juniper Networ... • https://kb.juniper.net/JSA11105 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 0%CPEs: 336EXPL: 0CVE-2021-0211 – Junos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted.
https://notcve.org/view.php?id=CVE-2021-0211
15 Jan 2021 — An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition. Continued receipt of these update messages will cause a sustained Denial of Service condition. This issue affects Juniper Network... • https://kb.juniper.net/JSA11101 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.8EPSS: 0%CPEs: 158EXPL: 0CVE-2021-0210 – Junos OS: Privilege escalation in J-Web due to arbitrary command and code execution via information disclosure from another users active session
https://notcve.org/view.php?id=CVE-2021-0210
15 Jan 2021 — An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 version... • https://kb.juniper.net/JSA11100 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •