Page 2 of 24 results (0.015 seconds)

CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 0

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices. Receipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols. This influx of transit protocol packets causes DDoS protection violations, resulting in protocol flaps which can affect connectivity to networking devices. This issue affects both IPv4 and IPv6. This issue does not require any specific routing protocol to be configured or enabled. The following commands can be used to monitor the DDoS protection queue:        labuser@re0> show evo-pfemand host pkt-stats     labuser@re0> show host-path ddos all-policers This issue affects Junos OS Evolved:  * All versions before 21.4R3-S8-EVO,  * from 22.2 before 22.2R3-S4-EVO,  * from 22.3 before 22.3R3-S4-EVO,  * from 22.4 before 22.4R3-S3-EVO,  * from 23.2 before 23.2R2-EVO,  * from 23.4 before 23.4R1-S1-EVO, 23.4R2-EVO,  * from 24.2 before 24.2R2-EVO. • https://supportportal.juniper.net • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0

An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters. This issue affects Junos OS Evolved:  * All versions before 21.4R3-S8-EVO,  * 22.2-EVO before 22.2R3-S4-EVO,  * 22.3-EVO before 22.3R3-S4-EVO,  * 22.4-EVO before 22.4R3-S3-EVO,  * 23.2-EVO before 23.2R2-S1-EVO,  * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO. • https://supportportal.juniper.net/JSA88105 • CWE-697: Incorrect Comparison •

CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS).  Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only occurs if DHCP snooping is enabled. See configuration below. This issue can be detected using following commands. Their output will display the interface status going down: user@device>show interfaces <if--x/x/x> user@device>show log messages | match <if--x/x/x> user@device>show log messages ==> will display the "[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no," logs. This issue affects: Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304: * All versions before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.2 before 22.2R3-S3, * all versions of 22.3, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved on PTX Series: * from 19.3R1-EVO before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S5-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S1-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO. Junos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability • https://supportportal.juniper.net/JSA88103 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 8.7EPSS: 0%CPEs: 14EXPL: 0

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established.  Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8,  * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S3,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R2;  Junos OS Evolved:  * All versions before 21.2R3-S8-EVO,  * from 21.4-EVO before 21.4R3-S8-EVO,  * from 22.2-EVO before 22.2R3-S4-EVO,  * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO,  * from 23.2-EVO before 23.2R2-S1-EVO,  * from 23.4-EVO before 23.4R2-EVO. • https://supportportal.juniper.net/JSA88102 https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 8.7EPSS: 0%CPEs: 12EXPL: 0

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP with any address family configured. This issue affects: Junos OS:  * All versions before 21.4R3-S8, * 22.2 before 22.2R3-S5,  * 22.3 before 22.3R3-S4,  * 22.4 before 22.4R3-S3,  * 23.2 before 23.2R2-S2,  * 23.4 before 23.4R2;  Junos OS Evolved:  * All versions before 21.4R3-S8-EVO,  * 22.2-EVO before 22.2R3-S5-EVO,  * 22.3-EVO before 22.3R3-S4-EVO,  * 22.4-EVO before 22.4R3-S3-EVO,  * 23.2-EVO before 23.2R2-S2-EVO,  * 23.4-EVO before 23.4R2-EVO. An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems configured in either of two ways: * systems with BGP traceoptions enabled * systems with BGP traffic engineering configured This issue can affect iBGP and eBGP with any address family configured.  • https://supportportal.juniper.net/JSA88100 https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html • CWE-125: Out-of-bounds Read •