CVSS: 6.5EPSS: 0%CPEs: 226EXPL: 0CVE-2021-0237 – Junos OS: EX4300-MP/EX4600/EX4650/QFX5K Series: Packet Forwarding Engine manager (FXPC) process crashes when deployed in a Virtual Chassis (VC) configuration
https://notcve.org/view.php?id=CVE-2021-0237
22 Apr 2021 — On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series 15.1 versions prior to 15.... • https://kb.juniper.net/JSA11132 •
CVSS: 6.8EPSS: 0%CPEs: 82EXPL: 0CVE-2021-0236 – Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core.
https://notcve.org/view.php?id=CVE-2021-0236
22 Apr 2021 — Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue a... • https://kb.juniper.net/JSA11131 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.3EPSS: 0%CPEs: 96EXPL: 0CVE-2021-0235 – Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks
https://notcve.org/view.php?id=CVE-2021-0235
22 Apr 2021 — On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant.... • https://kb.juniper.net/JSA11130 • CWE-276: Incorrect Default Permissions •
CVSS: 5.8EPSS: 0%CPEs: 144EXPL: 0CVE-2021-0234 – Junos OS: QFX5100-96S: DDoS protection does not work as expected.
https://notcve.org/view.php?id=CVE-2021-0234
22 Apr 2021 — Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. The DDoS protection (jddosd) daemon allows the device to continue to function while protecting the packet forwarding engine (PFE) during the DDoS attack. When this issue occurs, the default DDoS settings within the PFE apply,... • https://kb.juniper.net/JSA11129 • CWE-665: Improper Initialization •
CVSS: 6.8EPSS: 0%CPEs: 38EXPL: 0CVE-2021-0231 – Junos OS: SRX, vSRX Series: J-Web Path traversal vulnerability in SRX and vSRX Series leads to information disclosure.
https://notcve.org/view.php?id=CVE-2021-0231
22 Apr 2021 — A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2; This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1. Una vulnerabilidad de Salto de Ruta en las serie... • https://kb.juniper.net/JSA11126 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 208EXPL: 0CVE-2021-0230 – Junos OS: SRX Series: Memory leak when querying Aggregated Ethernet (AE) interface statistics
https://notcve.org/view.php?id=CVE-2021-0230
22 Apr 2021 — On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The following log can be seen if this issue happens. /kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72 /kernel: rt_pfe_veto: free km... • https://kb.juniper.net/JSA11125 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 260EXPL: 0CVE-2021-0229 – Junos OS: Receipt of specific packets could lead to Denial of Service in MQTT Server
https://notcve.org/view.php?id=CVE-2021-0229
22 Apr 2021 — An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. A Juniper Extension Toolkit (JET) application designed with a listening port uses the Message Queue Telemetry Transport (MQTT) protocol to connect to a mosquitto broker that is running on Junos OS to subscribe for events. Continued receipt an... • https://kb.juniper.net/JSA11124 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 241EXPL: 0CVE-2021-0228 – Junos OS: MX Series: DDoS LACP violation upon receipt of specific layer 2 frames in EVPN-VXLAN deployment
https://notcve.org/view.php?id=CVE-2021-0228
22 Apr 2021 — An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to trigger unexpectedly, resulting in traffic impact. Continued receipt and processing of this specific Layer 2 frames will sustain the Denial of Service (DoS) cond... • https://kb.juniper.net/JSA11123 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 1%CPEs: 149EXPL: 0CVE-2021-0227 – Junos OS: SRX Series: Denial of Service in J-Web upon receipt of crafted HTTP packets
https://notcve.org/view.php?id=CVE-2021-0227
22 Apr 2021 — An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Juno... • https://kb.juniper.net/JSA11122 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-0225 – Junos OS Evolved: Stateless IP firewall filter does not work as expected
https://notcve.org/view.php?id=CVE-2021-0225
22 Apr 2021 — An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device> show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EV... • https://kb.juniper.net/JSA11120 • CWE-754: Improper Check for Unusual or Exceptional Conditions •