CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0CVE-2024-30409 – Junos OS and Junos OS Evolved: Higher CPU consumption on routing engine leads to Denial of Service (DoS).
https://notcve.org/view.php?id=CVE-2024-30409
An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service. This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2. Junos OS Evolved: * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO. Una vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales en el procesamiento de telemetría de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante autenticado basado en red cause que el daemon de telemetría de la base de información de reenvío (fibtd) se bloquee, lo que lleva a una denegación de servicio limitada. Este problema afecta a Juniper Networks Junos OS: * desde 22.1 antes de 22.1R1-S2, 22.1R2. Junos OS Evolucionado: * desde 22.1 antes de 22.1R1-S2-EVO, 22.1R2-EVO. • https://supportportal.juniper.net/JSA79099 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-30410 – Junos OS: EX4300 Series: Loopback filter not blocking traffic despite having discard term.
https://notcve.org/view.php?id=CVE-2024-30410
An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter. This issue affects only IPv6 firewall filter. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6. Un orden de comportamiento incorrecto en el motor de enrutamiento (RE) de Juniper Networks Junos OS en la serie EX4300 permite que el tráfico destinado al dispositivo llegue al RE en lugar de descartarse cuando el término de descarte se establece en la interfaz de bucle invertido (lo0). La función prevista es que el filtro de firewall lo0 tenga prioridad sobre el filtro de firewall de la interfaz de ingresos. • https://supportportal.juniper.net/JSA79100 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N • CWE-696: Incorrect Behavior Order •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-30381 – Paragon Active Assurance: probe_serviced exposes internal objects to local users
https://notcve.org/view.php?id=CVE-2024-30381
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0. Una vulnerabilidad de exposición de información confidencial a un actor no autorizado en Juniper Networks Paragon Active Assurance Control Center permite a un atacante adyacente a la red con acceso raíz a un dispositivo Test Agent la capacidad de acceder a información confidencial sobre dispositivos descendentes. El daemon "netrounds-probe-login" (también llamado probe_serviced) expone funciones en las que el dispositivo Test Agent (TA) presiona el estado/configuración de la interfaz, se da de baja, etc. El servicio remoto expone accidentalmente un objeto de base de datos interna que se puede usar para acceso directo. acceso a la base de datos en Paragon Active Assurance Control Center. • https://supportportal.juniper.net/JSA79173 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2024-21618 – Junos OS and Junos OS Evolved: When LLDP is enabled and a malformed LLDP packet is received, l2cpd crashes
https://notcve.org/view.php?id=CVE-2024-21618
An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R2-S2, 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO. Una vulnerabilidad de acceso a la ubicación de la memoria después del fin del búfer en el daemon de protocolos de control de capa 2 (l2cpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegación de servicio (DoS). En todas las plataformas Junos OS y Junos OS Evolved, cuando LLDP está habilitado en una interfaz específica y se recibe un paquete LLDP con formato incorrecto, l2cpd falla y se reinicia. • https://supportportal.juniper.net/JSA75759 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-788: Access of Memory Location After End of Buffer •
CVSS: 5.1EPSS: 0%CPEs: 15EXPL: 0CVE-2024-21615 – Junos OS and Junos OS Evolved: A low-privileged user can access confidential information
https://notcve.org/view.php?id=CVE-2024-21615
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3 before 21.3R3-S5-EVO, * from 21.4 before 21.4R3-S5-EVO, * from 22.1 before 22.1R3-S5-EVO, * from 22.2 before 22.2R3-S3-EVO, * from 22.3 before 22.3R3-S2-EVO, * from 22.4 before 22.4R3-EVO, * from 23.2 before 23.2R1-S2. Una vulnerabilidad de permisos predeterminados incorrectos en Juniper Networks Junos OS y Junos OS Evolved permite que un atacante local con pocos privilegios acceda a información confidencial en el sistema. En todas las plataformas Junos OS y Junos OS Evolved, cuando se configuran las opciones de seguimiento de NETCONF y un superusuario realiza acciones específicas a través de NETCONF, un usuario con pocos privilegios puede acceder a información confidencial que compromete la confidencialidad del sistema. Este problema afecta a: Junos OS: * todas las versiones anteriores a 21.2R3-S7, * desde 21.4 anterior a 21.4R3-S5, * desde 22.1 anterior a 22.1R3-S5, * desde 22.2 anterior a 22.2R3-S3, * desde 22.3 anterior a 22.3R3- S2, * de 22.4 antes de 22.4R3, * de 23.2 antes de 23.2R1-S2. Junos OS Evolved: * todas las versiones anteriores a 21.2R3-S7-EVO, * desde 21.3 anterior a 21.3R3-S5-EVO, * desde 21.4 anterior a 21.4R3-S5-EVO, * desde 22.1 anterior a 22.1R3-S5-EVO, * desde 22.2 antes de 22.2R3-S3-EVO, * desde 22.3 antes de 22.3R3-S2-EVO, * desde 22.4 antes de 22.4R3-EVO, * desde 23.2 antes de 23.2R1-S2. • https://supportportal.juniper.net/JSA75756 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N • CWE-276: Incorrect Default Permissions •