CVE-2024-21590 – Junos OS Evolved: Packets which are not destined to the device can reach the RE
https://notcve.org/view.php?id=CVE-2024-21590
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO. Una vulnerabilidad de validación de entrada incorrecta en Juniper Tunnel Driver (jtd) y el módulo ICMP de Juniper Networks Junos OS Evolved permite a un atacante no autenticado dentro del dominio administrativo MPLS enviar paquetes específicamente manipulados al motor de enrutamiento (RE) para provocar una denegación de servicio (DoS). ). Cuando el motor de reenvío de paquetes (PFE) recibe paquetes MPLS IPv4 de tránsito específicamente manipulados, estos paquetes se reenvían internamente al RE. La recepción continua de estos paquetes puede crear una condición sostenida de Denegación de Servicio (DoS). • https://supportportal.juniper.net/JSA75728 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N • CWE-20: Improper Input Validation •
CVE-2024-21620 – Junos OS: SRX Series and EX Series: J-Web doesn't sufficiently sanitize input to prevent XSS
https://notcve.org/view.php?id=CVE-2024-21620
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2. Una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en J-Web de Juniper Networks Junos OS en las series SRX y EX permite a un atacante construir una URL que, cuando la visita otro usuario, le permite ejecutar comandos con los permisos del objetivo, incluido un administrador. Una invocación específica del método emit_debug_note en webauth_operation.php devolverá los datos que recibe. Este problema afecta a Juniper Networks Junos OS en las series SRX y EX: * Todas las versiones anteriores a 20.4R3-S10; * Versiones 21.2 anteriores a 21.2R3-S8; * Versiones 21.4 anteriores a 21.4R3-S6; * Versiones 22.1 anteriores a 22.1R3-S5; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S2; * Versiones 22.4 anteriores a 22.4R3-S1; * Versiones 23.2 anteriores a 23.2R2; * Versiones 23.4 anteriores a 23.4R2. • https://supportportal.juniper.net/JSA76390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-21619 – Junos OS: SRX Series and EX Series: J-Web - unauthenticated access to temporary files containing sensitive information
https://notcve.org/view.php?id=CVE-2024-21619
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Una vulnerabilidad de autenticación faltante para función crítica combinada con una vulnerabilidad de generación de mensaje de error que contiene información confidencial en J-Web de Juniper Networks Junos OS en las series SRX y EX permite que un atacante basado en red no autenticado acceda a información confidencial del sistema. Cuando un usuario inicia sesión, se crea un archivo temporal que contiene la configuración del dispositivo (como es visible para ese usuario) en la carpeta /cache. • https://supportportal.juniper.net/JSA76390 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-306: Missing Authentication for Critical Function •
CVE-2024-21617 – Junos OS: BGP flap on NSR-enabled devices causes memory leak
https://notcve.org/view.php?id=CVE-2024-21617
An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. The memory usage can be monitored using the below commands. user@host> show chassis routing-engine no-forwarding user@host> show system memory | no-more This issue affects: Juniper Networks Junos OS * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S1, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2. This issue does not affect Junos OS versions earlier than 20.4R3-S7. Una vulnerabilidad de limpieza incompleta en el componente Nonstop active routing (NSR) de Juniper Networks Junos OS permite que un atacante adyacente no autenticado cause una pérdida de memoria que provoque una denegación de servicio (DoS). En todas las plataformas Junos OS, cuando NSR está habilitado, un fallo de BGP provocará una pérdida de memoria. Un reinicio manual del sistema restaurará los servicios. • https://supportportal.juniper.net/JSA75758 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-459: Incomplete Cleanup •
CVE-2024-21616 – Junos OS: MX Series and SRX Series: Processing of a specific SIP packet causes NAT IP allocation to fail
https://notcve.org/view.php?id=CVE-2024-21616
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage source-pool <source_pool_name> Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. Una vulnerabilidad de validación inadecuada de la corrección sintáctica de la entrada en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante no autenticado basado en la red provoque una denegación de servicio (DoS). En todas las plataformas Junos OS MX Series y SRX Series, cuando SIP ALG está habilitado y se recibe y procesa un paquete SIP específico, la asignación de IP NAT falla para el tráfico genuino, lo que provoca una denegación de servicio (DoS). La recepción continua de este paquete SIP ALG específico provocará una condición DoS sostenida. • https://supportportal.juniper.net/JSA75757 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-1286: Improper Validation of Syntactic Correctness of Input •