CVSS: 7.8EPSS: 0%CPEs: 177EXPL: 0CVE-2018-0020 – Junos OS: rpd daemon cores due to malformed BGP UPDATE packet
https://notcve.org/view.php?id=CVE-2018-0020
11 Apr 2018 — Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Receipt of a repeated malformed BGP UPDATEs can result in an extended denial of service condition for the device. This malformed BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D130 on SRX;... • http://www.securitytracker.com/id/1040788 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 186EXPL: 0CVE-2018-0022 – Junos OS: Mbuf leak due to processing MPLS packets in VPLS network.
https://notcve.org/view.php?id=CVE-2018-0022
11 Apr 2018 — A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS packet. Approximately 1 mbuf is leaked per each packet processed. The number of mbufs is platform dependent. The following command provides the number of mbufs that are currently in use and maximum number of mbufs that can be allocated on a platform: > show system buffers 2437/3143/5580 mbufs in use (current/cache/total) Once the device runs out of mbufs it will ... • http://www.securityfocus.com/bid/103740 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 14%CPEs: 72EXPL: 0CVE-2017-3145 – Improper fetch cleanup sequencing in the resolver can cause named to crash
https://notcve.org/view.php?id=CVE-2017-3145
16 Jan 2018 — BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. BIND secuenciaba incorrectamente las operaciones de limpieza en contextos fetch de recursión ascendente, lo que conduce en algunos casos a un error de uso de memoria ... • http://www.securityfocus.com/bid/102716 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 102EXPL: 0CVE-2018-0007
https://notcve.org/view.php?id=CVE-2018-0007
10 Jan 2018 — An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device recei... • http://www.securitytracker.com/id/1040181 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 102EXPL: 0CVE-2018-0003 – Junos OS: A crafted MPLS packet may lead to a kernel crash
https://notcve.org/view.php?id=CVE-2018-0003
10 Jan 2018 — A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D4... • http://www.securityfocus.com/bid/105715 •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2018-0006 – Junos OS: bbe-smgd process denial of service while processing VLAN authentication requests/rejects
https://notcve.org/view.php?id=CVE-2018-0006
10 Jan 2018 — A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Oth... • http://www.securitytracker.com/id/1040184 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.2EPSS: 1%CPEs: 176EXPL: 0CVE-2018-0002 – MX series, SRX series: Junos OS: Denial of service vulnerability in Flowd on devices with ALG enabled.
https://notcve.org/view.php?id=CVE-2018-0002
10 Jan 2018 — On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prio... • http://www.securitytracker.com/id/1040178 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 204EXPL: 0CVE-2018-0008 – Junos OS: commit script may allow unauthenticated root login upon reboot
https://notcve.org/view.php?id=CVE-2018-0008
10 Jan 2018 — An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication state. Lastl... • http://www.securitytracker.com/id/1040186 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10607 – Junos: rpd core due to receipt of specially crafted BGP packet
https://notcve.org/view.php?id=CVE-2017-10607
13 Oct 2017 — Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this issue can only be triggered by a packet sent directly to the IP address of the router. Repeated crashes of the rpd daemon can result in an extended denial of service condition. This issue only affects devices runnin... • https://kb.juniper.net/JSA10810 •
CVSS: 5.9EPSS: 0%CPEs: 114EXPL: 0CVE-2017-10618 – Junos: RPD core due to BGP UPDATE with malformed optional transitive attributes
https://notcve.org/view.php?id=CVE-2017-10618
13 Oct 2017 — When the 'bgp-error-tolerance' feature â€" designed to help mitigate remote session resets from malformed path attributes â€" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have 'bgp-error-tolerance' configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X5... • https://kb.juniper.net/JSA10820 •