CVSS: 6.5EPSS: 0%CPEs: 81EXPL: 0CVE-2021-0271 – Junos OS: EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series: Receipt of a crafted ARP packet by an adjacent attacker will cause the sfid process to core.
https://notcve.org/view.php?id=CVE-2021-0271
A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected. • https://kb.juniper.net/JSA11162 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 324EXPL: 0CVE-2021-0261 – Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests
https://notcve.org/view.php?id=CVE-2021-0261
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Una vulnerabilidad en el servicio HTTP/HTTPS utilizado por -Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through con Web-Redirect, y Captive Portal, permite a un atacante no autenticado causar una Denegación de Servicio extendida (DoS) para estos servicios mediante el envío de un gran número de peticiones específicas. Este problema afecta a: Juniper Networks Junos OS versiones 12.3 anteriores a 12.3R12-S17 en la serie EX; Versiones de 12.3X48 anteriores a 12.3X48-D105 en la serie SRX; versiones 15.1 anteriores a 15.1R7-S8; Versiones de 15.1X49 anteriores a 15.1X49-D230 en la serie SRX; versiones 16.1 anteriores a 16.1R7-S8; versiones 17.4 anteriores a 17.4R2-S12, 17.4R3-S3; versiones 18.1 anteriores a 18.1R3-S11; versiones 18.2 anteriores a 18.2R3-S6; versiones 18.3 anteriores a 18.3R2-S4, 18.3R3-S3; versiones 18.4 anteriores a 18.4R2-S5, 18.4R3-S4; versiones 19.1 anteriores a 19.1R2-S2, 19.1R3-S2; versiones 19. 2 anteriores a 19.2R1-S5, 19.2R3; versiones 19.3 anteriores a 19.3R2-S4, 19.3R3; versiones 19.4 anteriores a 19.4R1-S3, 19.4R2-S2, 19.4R3; versiones 20.1 anteriores a 20.1R1-S3, 20.1R2; Versiones 20.2 anteriores a 20.2R1-S1, 20.2R2 • https://kb.juniper.net/JSA11152 • CWE-125: Out-of-bounds Read CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0248 – NFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces.
https://notcve.org/view.php?id=CVE-2021-0248
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected. • https://kb.juniper.net/JSA11141 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.8EPSS: 0%CPEs: 344EXPL: 0CVE-2021-0247 – Junos OS: PTX Series, QFX Series: Due to a race condition input loopback firewall filters applied to interfaces may not operate even when listed in the running configuration.
https://notcve.org/view.php?id=CVE-2021-0247
A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. This issue is detectable by reviewing the PFE firewall rules, as well as the firewall counters and seeing if they are incrementing or not. For example: show firewall Filter: __default_bpdu_filter__ Filter: FILTER-INET-01 Counters: Name Bytes Packets output-match-inet 0 0 <<<<<< missing firewall packet count This issue affects: Juniper Networks Junos OS 14.1X53 versions prior to 14.1X53-D53 on QFX Series; 14.1 versions 14.1R1 and later versions prior to 15.1 versions prior to 15.1R7-S6 on QFX Series, PTX Series; 15.1X53 versions prior to 15.1X53-D593 on QFX Series; 16.1 versions prior to 16.1R7-S7 on QFX Series, PTX Series; 16.2 versions prior to 16.2R2-S11, 16.2R3 on QFX Series, PTX Series; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on QFX Series, PTX Series; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3 on QFX Series, PTX Series; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on QFX Series, PTX Series; 17.4 versions prior to 17.4R2-S9, 17.4R3 on QFX Series, PTX Series; 18.1 versions prior to 18.1R3-S9 on QFX Series, PTX Series; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on QFX Series, PTX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on QFX Series, PTX Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R2-S7, 18.4R3 on QFX Series, PTX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on QFX Series, PTX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on QFX Series, PTX Series. Una vulnerabilidad de Condición de Carrera (Ejecución Concurrente usando Recursos Compartidos con Sincronización Inapropiada) en el proceso de firewall (dfwd) de Juniper Networks Junos OS, permite a un atacante omitir los conjuntos de reglas de firewall aplicados al filtro de bucle de entrada en cualquier interfaz de un dispositivo. Este problema es detectable al revisar las reglas de firewall de PFE, así como los contadores de firewall y visualizar si aumentan o no. • https://kb.juniper.net/JSA11140 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.4EPSS: 0%CPEs: 268EXPL: 0CVE-2021-0244 – Junos OS: A race condition in the storm control profile may allow an attacker to cause a Denial of Service condition
https://notcve.org/view.php?id=CVE-2021-0244
A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices. This issue is a corner case and only occurs during specific actions taken by an administrator of a device under certain specifics actions which triggers the event. The event occurs less frequently on devices which are not configured with Virtual Chassis configurations, and more frequently on devices configured in Virtual Chassis configurations. This issue is not specific to any particular Junos OS platform. An Indicator of Compromise (IoC) may be seen by reviewing log files for the following error message seen by executing the following show statement: show log messages | grep storm Result to look for: /kernel: GENCFG: op 58 (Storm Control Blob) failed; err 1 (Unknown) This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49 on EX Series; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D191, 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2. • https://kb.juniper.net/JSA11137 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •