CVE-2023-36844 – Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-36844
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2. Una vulnerabilidad de modificación de variables externas de PHP en J-Web de Juniper Networks Junos OS en la serie EX permite a un atacante no autenticado basado en red controlar ciertas variables de entorno importantes. Mediante una solicitud falsificada, un atacante puede modificar determinadas variables de entorno de PHP, lo que conduce a una pérdida parcial de la integridad, que puede permitir el encadenamiento con otras vulnerabilidades. Este problema afecta al sistema operativo Junos de Juniper Networks en la serie EX: * Todas las versiones anteriores a 20.4R3-S9; * 21.1: versiones 21.1R1 y posteriores; * 21.2: versiones anteriores a 21.2R3-S7; * 21.3: versiones anteriores a 21.3R3-S5; * 21.4: versiones anteriores a 21.4R3-S5; * 22.1: versiones anteriores a 22.1R3-S4; * 22.2: versiones anteriores a 22.2R3-S2; * 22.3: versiones anteriores a 22.3R3-S1; * 22.4: versiones anteriores a 22.4R2-S2, 22.4R3; * 23.2: versiones anteriores a 23.2R1-S1, 23.2R2. Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. • https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844?ref=labs.watchtowr.com https://github.com/ThatNotEasy/CVE-2023-36844 http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html https://supportportal.juniper.net/JSA72300 • CWE-473: PHP External Variable Modification •
CVE-2023-36847 – Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
https://notcve.org/view.php?id=CVE-2023-36847
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3. "Una vulnerabilidad de falta de autenticación para funciones críticas en Juniper Networks Junos OS en la serie EX permite a un atacante no autenticado basado en red causar un impacto limitado en la integridad del sistema de archivos. Con una solicitud específica a installAppPackage.php que no requiere autenticación, un atacante puede cargar archivos arbitrarios a través de J-Web, lo que provoca una pérdida de integridad de una parte determinada del sistema de archivos, que puede permitir el encadenamiento con otras vulnerabilidades. Este problema afecta al sistema operativo Junos de Juniper Networks en la serie EX: * Todas las versiones anteriores a 20.4R3-S8; * 21.1: versiones 21.1R1 y posteriores; * 21.2: versiones anteriores a 21.2R3-S6; * 21.3: versiones anteriores a 21.3R3-S5; * 21.4: versiones anteriores a 21.4R3-S4; * 22.1: versiones anteriores a 22.1R3-S3; * 22.2: versiones anteriores a 22.2R3-S1; * 22.3: versiones anteriores a 22.3R2-S2, 22.3R3; * 22.4: versiones anteriores a 22.4R2-S1, 22.4R3." Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. • https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844?ref=labs.watchtowr.com https://supportportal.juniper.net/JSA72300 • CWE-306: Missing Authentication for Critical Function •
CVE-2022-22226 – Junos OS: EX4300-MP, EX4600, QFX5000 Series: In VxLAN scenarios specific packets processed cause a memory leak leading to a PFE crash
https://notcve.org/view.php?id=CVE-2022-22226
In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFE's when they are received and processed by the device. Upon automatic restart of the PFE, continued processing of these packets will cause the memory leak to reappear. Depending on the volume of packets received the attacker may be able to create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP, EX4600, QFX5000 Series: 17.1 version 17.1R1 and later versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S7, 19.2R3-S1; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS versions prior to 17.1R1. • https://kb.juniper.net/JSA69876 https://www.juniper.net/documentation/us/en/software/junos/ovsdb-vxlan/evpn-vxlan/topics/ref/statement/vxlan.html#id-vxlan__d281e31 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVE-2022-22221 – Junos OS: SRX and EX Series: Local privilege escalation flaw in "download" functionality
https://notcve.org/view.php?id=CVE-2022-22221
An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show system download ..." commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2, 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Una vulnerabilidad de Neutralización Inapropiada de Elementos Especiales en el administrador de descargas del Sistema Operativo Junos de Juniper Networks en las series SRX y EX permite a un atacante autenticado localmente con bajos privilegios tomar el control total del dispositivo. Uno de los aspectos de esta vulnerabilidad es que el atacante debe ser capaz de ejecutar cualquiera de los comandos "request ..." o "show system download ...". • https://kb.juniper.net/JSA69725 •
CVE-2022-22191 – Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic
https://notcve.org/view.php?id=CVE-2022-22191
A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. • https://kb.juniper.net/JSA69502 • CWE-400: Uncontrolled Resource Consumption CWE-410: Insufficient Resource Pool •