CVSS: 6.5EPSS: 0%CPEs: 76EXPL: 0CVE-2024-21613 – Junos OS and Junos OS Evolved: A link flap causes patroot memory leak which leads to rpd crash
https://notcve.org/view.php?id=CVE-2024-21613
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart. The memory usage can be monitored using the below command. user@host> show task memory detail | match patroot This issue affects: Juniper Networks Junos OS * All versions earlier than 21.2R3-S3; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-EVO; * 22.1 versions earlier than 22.1R3-EVO; * 22.2 versions earlier than 22.2R3-EVO. Una vulnerabilidad de liberación de memoria faltante después de la vida útil efectiva en Routing Protocol Daemon (RPD) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque un bloqueo de rpd, lo que lleva a una denegación de servicio (DoS). En todas las plataformas Junos OS y Junos OS Evolved, cuando la ingeniería de tráfico está habilitada para OSPF o ISIS y un enlace falla, se observa una pérdida de memoria de patroot. Esta pérdida de memoria, con el tiempo, provocará un bloqueo y reinicio del rpd. • https://supportportal.juniper.net/JSA75754 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 110EXPL: 0CVE-2024-21607 – Junos OS: MX Series and EX9200 Series: If the "tcp-reset" option used in an IPv6 filter, matched packets are accepted instead of rejected
https://notcve.org/view.php?id=CVE-2024-21607
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3. Una característica no compatible en la vulnerabilidad de la interfaz de usuario en Juniper Networks Junos OS en las series MX y EX9200 permite que un atacante no autenticado basado en la red cause un impacto parcial en la integridad del dispositivo. Si se agrega la opción "tcp-reset" a la acción "reject" en un filtro IPv6 que coincide con el "payload-protocol", los paquetes se permiten en lugar de rechazarse. • https://supportportal.juniper.net/JSA75748 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N • CWE-447: Unimplemented or Unsupported Feature in UI •
CVSS: 7.5EPSS: 0%CPEs: 118EXPL: 0CVE-2024-21606 – Junos OS: SRX Series: When "tcp-encap" is configured and specific packets are received flowd will crash
https://notcve.org/view.php?id=CVE-2024-21606
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3. Una vulnerabilidad Double Free en el flow processing daemon (flowd) de Juniper Networks Junos OS en la serie SRX permite que un atacante no autenticado basado en red provoque una denegación de servicio (DoS). En un escenario de VPN de acceso remoto, si se configura un "tcp-encap-profile" y se recibe una secuencia de paquetes específicos, se observará una falla fluida y un reinicio. Este problema afecta a Juniper Networks Junos OS en la serie SRX: * Todas las versiones anteriores a 20.4R3-S8; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R2-S2, 22.4R3. • https://supportportal.juniper.net/JSA75747 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 62EXPL: 0CVE-2024-21603 – Junos OS: MX Series: Gathering statistics in a scaled SCU/DCU configuration will lead to a device crash
https://notcve.org/view.php?id=CVE-2024-21603
An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Network Junos OS on MX Series allows a network based attacker with low privileges to cause a denial of service. If a scaled configuration for Source class usage (SCU) / destination class usage (DCU) (more than 10 route classes) is present and the SCU/DCU statistics are gathered by executing specific SNMP requests or CLI commands, a 'vmcore' for the RE kernel will be seen which leads to a device restart. Continued exploitation of this issue will lead to a sustained DoS. This issue only affects MX Series devices with MPC10, MPC11 or LC9600, and MX304. No other MX Series devices are affected. This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R2; * 22.3 versions earlier than 22.3R2. Una vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales en el kernel de Juniper Network Junos OS en la serie MX permite que un atacante basado en red con privilegios bajos provoque una denegación de servicio. Si está presente una configuración escalada para el uso de clase de origen (SCU)/uso de clase de destino (DCU) (más de 10 clases de ruta) y las estadísticas de SCU/DCU se recopilan mediante la ejecución de solicitudes SNMP específicas o comandos CLI, se creará un 'vmcore' para el Se verá el kernel RE, lo que provocará un reinicio del dispositivo. • https://supportportal.juniper.net/JSA75744 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.9EPSS: 0%CPEs: 64EXPL: 0CVE-2024-21601 – Junos OS: SRX Series: Due to an error in processing TCP events flowd will crash
https://notcve.org/view.php?id=CVE-2024-21601
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). On SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads can not be triggered externally, so the exploitation of this race condition is outside the attackers direct control. Continued exploitation of this issue will lead to a sustained DoS. This issue affects Juniper Networks Junos OS: * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2-S1, 22.4R3. This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1. Una vulnerabilidad de ejecución concurrente que utiliza recurso compartido con sincronización inadecuada ('condición de ejecución') en Flow-processing Daemon (flowd) de Juniper Networks Junos OS en la serie SRX permite que un atacante basado en red no autenticado provoque una denegación de servicio ( Dos). En los dispositivos de la serie SRX, cuando dos subprocesos diferentes intentan procesar simultáneamente una cola que se utiliza para el flujo de eventos TCP, se bloqueará. Uno de estos subprocesos no se puede activar externamente, por lo que la explotación de esta condición de ejecución está fuera del control directo del atacante. • https://supportportal.juniper.net/JSA75742 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •