CVSS: 5.5EPSS: 0%CPEs: 74EXPL: 0CVE-2024-21594 – Junos OS: SRX 5000 Series: Repeated execution of a specific CLI command causes a flowd crash
https://notcve.org/view.php?id=CVE-2024-21594
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. Una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria en el Network Services Daemon (NSD) de Juniper Networks Junos OS permite que un atacante local autenticado y con pocos privilegios provoque una denegación de servicio (DoS). En un dispositivo de la serie SRX 5000, al ejecutar un comando específico repetidamente, la memoria se daña, lo que provoca un bloqueo del Flow Processing Daemon (flowd). El proceso NSD debe reiniciarse para restaurar los servicios. Si ocurre este problema, se puede verificar con el siguiente comando: usuario@host> solicitar políticas de seguridad verificar También se puede observar el siguiente mensaje de registro: Error: policies are out of sync for PFE node.fpc.pic. • https://supportportal.juniper.net/JSA75733 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 91EXPL: 0CVE-2024-21591 – Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-21591
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3. Una vulnerabilidad de escritura fuera de los límites en J-Web de Juniper Networks Junos OS en las series SRX y EX permite que un atacante basado en red no autenticado provoque una denegación de servicio (DoS) o una ejecución remota de código (RCE) y obtenga privilegios de root en el dispositivo. Este problema se debe al uso de una función insegura que permite a un atacante sobrescribir la memoria arbitraria. Este problema afecta a las series Junos OS SRX y EX de Juniper Networks: * Versiones de Junos OS anteriores a 20.4R3-S9; * Versiones de Junos OS 21.2 anteriores a 21.2R3-S7; * Versiones de Junos OS 21.3 anteriores a 21.3R3-S5; * Versiones de Junos OS 21.4 anteriores a 21.4R3-S5; * Versiones de Junos OS 22.1 anteriores a 22.1R3-S4; * Versiones de Junos OS 22.2 anteriores a 22.2R3-S3; * Versiones de Junos OS 22.3 anteriores a 22.3R3-S2; * Versiones de Junos OS 22.4 anteriores a 22.4R2-S2, 22.4R3. • https://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.html https://supportportal.juniper.net/JSA75729 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 93EXPL: 0CVE-2023-36842 – Junos OS: jdhcpd will hang on receiving a specific DHCP packet
https://notcve.org/view.php?id=CVE-2023-36842
An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS). On Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R2. Una verificación inadecuada de la vulnerabilidad de condiciones inusuales o excepcionales en Juniper DHCP Daemon (jdhcpd) de Juniper Networks Junos OS permite que un atacante adyacente no autenticado haga que jdhcpd consuma todos los ciclos de la CPU, lo que resulta en una denegación de servicio (DoS). En dispositivos Junos OS con forward-snooped-client configurado, si un atacante envía un paquete DHCP específico a una interfaz no configurada, esto provocará un bucle infinito. Será necesario reiniciar el proceso DHCP para recuperar el servicio. • https://supportportal.juniper.net/JSA75730 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 93EXPL: 0CVE-2023-44203 – Junos OS: QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: Packet flooding will occur when IGMP traffic is sent to an isolated VLAN
https://notcve.org/view.php?id=CVE-2023-44203
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2. Una vulnerabilidad de verificación o manejo inadecuado de condiciones excepcionales en Packet Forwarding Engine (pfe) de Juniper Networks Junos OS en las series QFX5000, EX2300, EX3400, EX4100, EX4400 y EX4600 permite que un atacante adyacente envíe tráfico específico, lo que provoca una inundación de paquetes. resultando en una Denegación de Servicio (DoS). Cuando se recibe un paquete IGMP específico en una VLAN aislada, se duplica en todos los demás puertos de la VLAN principal, lo que provoca una inundación. Este problema afecta únicamente a las series QFX5000, EX2300, EX3400, EX4100, EX4400 y EX4600. Este problema afecta a Juniper Junos OS en las series QFX5000, EX2300, EX3400, EX4100, EX4400 y EX4600: * Todas las versiones anteriores a 20.4R3-S5; * Versiones 21.1 anteriores a 21.1R3-S4; * Versiones 21.2 anteriores a 21.2R3-S3; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S2; * Versiones 22.1 anteriores a 22.1R3; * Versiones 22.2 anteriores a 22.2R3; * Versiones 22.3 anteriores a 22.3R2. • https://supportportal.juniper.net/JSA73169 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 86EXPL: 0CVE-2023-44201 – Junos OS and Junos OS Evolved: A local attacker can retrieve sensitive information and elevate privileges on the device to an authorized user.
https://notcve.org/view.php?id=CVE-2023-44201
An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO. Una vulnerabilidad de asignación de permisos incorrecta para recursos críticos en un archivo específico de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante autenticado local leer cambios de configuración sin tener los permisos. Cuando un usuario con los permisos respectivos realiza un cambio de configuración, se crea un archivo específico. • https://supprtportal.juniper.net/JSA73167 • CWE-732: Incorrect Permission Assignment for Critical Resource •