CVE-2021-31371 – Junos OS: QFX5000 Series: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces.
https://notcve.org/view.php?id=CVE-2021-31371
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS on QFX5110, QFX5120, QFX5200, QFX5210 Series, and QFX5100 with QFX 5e Series image installed: All versions prior to 17.3R3-S12; 18.1 versions prior to 18.1R3-S13; 18.3 versions prior to 18.3R3-S5; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; El sistema operativo Junos de Juniper Networks utiliza la subred 128.0.0.0/2 para las comunicaciones internas entre el RE y los PFE. Se ha descubierto que los paquetes que utilizan estas direcciones IP pueden salir de un conmutador de la serie QFX5000, filtrando información de configuración como los latidos del corazón, las versiones del kernel, etc. a Internet, lo que lleva a una vulnerabilidad de exposición de información. Este problema afecta al sistema operativo Junos de Juniper Networks en las series QFX5110, QFX5120, QFX5200, QFX5210 y QFX5100 con la imagen de la serie QFX 5e instalada: Todas las versiones anteriores a 17.3R3-S12; 18.1 versiones anteriores a 18.1R3-S13; 18.3 versiones anteriores a 18.3R3-S5; 19.1 versiones anteriores a 19.1R3-S6; 19.2 versiones anteriores a 19.2R1-S7, 19.2R3-S3; 19.3 versiones anteriores a 19.3R2-S6, 19.3R3-S3; 19. 4 versiones anteriores a 19.4R1-S4, 19.4R3-S5; 20.1 versiones anteriores a 20.1R2-S2, 20.1R3-S1; 20.2 versiones anteriores a 20.2R3-S2; 20.3 versiones anteriores a 20.3R3-S1; 20.4 versiones anteriores a 20.4R2-S1, 20.4R3; 21.1 versiones anteriores a 21.1R1-S1, 21.1R2; • https://kb.juniper.net/JSA11236 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-31370 – Junos OS: QFX5000 Series and EX4600 Series: Control traffic might be dropped if a high rate of specific multicast traffic is received
https://notcve.org/view.php?id=CVE-2021-31370
An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped. This will impact control protocols (including but not limited to routing-protocols) and lead to a Denial of Service (DoS). Continued receipt of this specific multicast traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX5000 and EX4600 Series: All versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Una vulnerabilidad de la lista incompleta de entradas no permitidas en el motor de reenvío de paquetes (PFE) de Juniper Networks Junos OS en las series QFX5000 y EX4600 permite a un atacante adyacente no autenticado que envía una alta tasa de tráfico de multidifusión específico causar una caída del tráfico de control recibido de la red. • https://kb.juniper.net/JSA11232 • CWE-184: Incomplete List of Disallowed Inputs •
CVE-2021-31369 – Junos OS: MX Series: Traffic drops will be observed if MS-MPC/MS-PIC resources are consumed by certain traffic causing a partial DoS
https://notcve.org/view.php?id=CVE-2021-31369
On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service (DoS) with a high rate of specific traffic. If a Class of Service (CoS) rule is attached to the service-set and a high rate of specific traffic is processed by this service-set, for some of the other traffic which has services applied and is being processed by this MS-MPC/MS-MIC drops will be observed. Continued receipted of this high rate of specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series with MS-MPC/MS-MIC: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. En las plataformas de la serie MX con MS-MPC/MS-MIC, una vulnerabilidad de asignación de recursos sin límites o estrangulamiento en Juniper Networks Junos OS permite a un atacante de red no autenticado causar una Denegación de Servicio (DoS) parcial con una alta tasa de tráfico específico. • https://kb.juniper.net/JSA11231 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2021-31368 – Junos OS: EX2300 Series, EX3400 Series, and ACX710 might become unresponsive if the out-of-band management port receives a flood of traffic
https://notcve.org/view.php?id=CVE-2021-31368
An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks JUNOS OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself. An indication that the system is affected by this issue would be that kernel and netisr process are shown to be using a lot of CPU cycles like in the following example output: user@host> show system processes extensive ... PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 16 root -72 - 0K 304K WAIT 1 839:40 88.96% intr{swi1: netisr 0} 0 root 97 - 0K 160K RUN 1 732:43 87.99% kernel{bcm560xgmac0 que} This issue affects Juniper Networks JUNOS OS on EX2300 Series, EX3400 Series, and ACX710: All versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. • https://kb.juniper.net/JSA11230 • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-31366 – Junos OS: MX Series: In subscriber management / BBE configuration authd can crash if a subscriber with a specific username tries to login leading to a DoS
https://notcve.org/view.php?id=CVE-2021-31366
An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a crash by sending a specific username. This impacts authentication, authorization, and accounting (AAA) services on the MX devices and leads to a Denial of Service (DoS) condition. Continued receipted of these PPP login request will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Una vulnerabilidad de Valor de Retorno No Comprobado en el authd (demonio de autenticación) de Juniper Networks Junos OS en la serie MX configurada para la administración de suscriptores / BBE permite a un atacante adyacente causar un bloqueo mediante el envío de un nombre de usuario específico. • https://kb.juniper.net/JSA11228 • CWE-252: Unchecked Return Value •