CVE-2021-0248 – NFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces.
https://notcve.org/view.php?id=CVE-2021-0248
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected. • https://kb.juniper.net/JSA11141 • CWE-798: Use of Hard-coded Credentials •
CVE-2021-0220 – Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI
https://notcve.org/view.php?id=CVE-2021-0220
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1. Se ha encontrado que Junos Space Network Management Platform almacena secretos compartidos en un formato recuperable que puede ser expuesto por medio de la Interfaz de Usuario. • https://kb.juniper.net/JSA11110 • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVE-2021-0210 – Junos OS: Privilege escalation in J-Web due to arbitrary command and code execution via information disclosure from another users active session
https://notcve.org/view.php?id=CVE-2021-0210
An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3, 19.2R3-S1; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Una vulnerabilidad de exposición de la información en J-Web de Juniper Networks Junos OS permite a un atacante no autenticado elevar sus privilegios sobre el sistema objetivo mediante el uso oportunista de una sesión de usuarios autenticados. Este problema afecta a: Juniper Networks Junos OS versiones 12.3 anteriores a 12.3R12-S17; versiones 17.3 anteriores a 17.3R3-S10; versiones 17.4 anteriores a 17.4R2-S12, 17.4R3-S3; versiones 18.1 anteriores a 18.1R3-S11; versiones 18.2 anteriores a 18.2R3-S6; versiones 18.3 anteriores a 18.3R2-S4, 18.3R3-S4; versiones 18.4 anteriores a 18.4R2-S5, 18.4R3-S5; versiones 19.1 anteriores a 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; versiones 19.2 anteriores a 19.2R1-S5, 19.2R3, 19.2R3-S1; versiones 19.3 anteriores a 19.3R2-S4, 19.3R3; versiones 19.4 anteriores a 19.4R1-S3, 19.4R2-S2, 19.4R3; versiones 20.1 anteriores a 20.1R1-S4, 20.1R2; versiones 20.2 anteriores a 20.2R1-S1, 20.2R2 • https://kb.juniper.net/JSA11100 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-1661 – Junos OS: jdhcpd process crash when forwarding a malformed DHCP packet.
https://notcve.org/view.php?id=CVE-2020-1661
On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue can be triggered only by DHCPv4, it cannot be triggered by DHCPv6. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series; 15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S5. • https://kb.juniper.net/JSA11056 •
CVE-2020-1656 – Junos OS: When a DHCPv6 Relay-Agent is configured upon receipt of a specific DHCPv6 client message, Remote Code Execution may occur.
https://notcve.org/view.php?id=CVE-2020-1656
The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue. • https://kb.juniper.net/JSA11049 https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-dhcpv6-relay-statistics.html https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dhcp-relay-agent-security-devices.html https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dhcpv6-relay-agent-overview.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •