CVSS: 9.8EPSS: 2%CPEs: 64EXPL: 0CVE-2020-1654 – Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution
https://notcve.org/view.php?id=CVE-2020-1654
17 Jul 2020 — On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prio... • https://kb.juniper.net/JSA11031 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 104EXPL: 0CVE-2020-1653 – Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak
https://notcve.org/view.php?id=CVE-2020-1653
17 Jul 2020 — On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). This issue can be trigged by IPv4 or IPv6 and it is caused only by TCP packets. This issue is not related to any specific configuration and it affects Junos OS releases starting from 17.4R1. However, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is... • https://kb.juniper.net/JSA11040 • CWE-159: Improper Handling of Invalid Use of Special Elements CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2020-1650 – Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC
https://notcve.org/view.php?id=CVE-2020-1650
17 Jul 2020 — On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a prolonged Denial of Service. This issue affects MX Series devices using MS-PIC, MS-MIC or MS-MPC service cards with any service configured. This issue affects Juniper Networks Junos OS on MX Series: 17.2R2-S7; 17.3R3-S4, 17.3R3-S5; 17... • https://kb.juniper.net/JSA11037 •
CVSS: 7.5EPSS: 0%CPEs: 133EXPL: 0CVE-2020-1649 – Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly
https://notcve.org/view.php?id=CVE-2020-1649
17 Jul 2020 — When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly, generating the following error messages: [LOG: Err] MQSS(2): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[2:0]: HMCIF Rx: Injected checksum error detected on WO r... • https://kb.juniper.net/JSA11036 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-1648 – Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet
https://notcve.org/view.php?id=CVE-2020-1648
17 Jul 2020 — On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60... • https://kb.juniper.net/JSA11035 • CWE-159: Improper Handling of Invalid Use of Special Elements CWE-690: Unchecked Return Value to NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 65EXPL: 0CVE-2020-1647 – Junos OS: SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled
https://notcve.org/view.php?id=CVE-2020-1647
17 Jul 2020 — On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Continued processing of this specific HTTP message may result in an extended Denial of Service (DoS). The offending HTTP message that causes this issue may originate both from the HTTP server or the client. This issue affects Juniper Networks Junos OS on SRX Seri... • https://kb.juniper.net/JSA11034 • CWE-415: Double Free •
CVSS: 8.3EPSS: 0%CPEs: 59EXPL: 0CVE-2020-1645 – Junos OS: MX Series: Services card might restart when DNS filtering is enabled
https://notcve.org/view.php?id=CVE-2020-1645
17 Jul 2020 — When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. If the issue oc... • https://kb.juniper.net/JSA11028 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 127EXPL: 0CVE-2020-1644 – Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets
https://notcve.org/view.php?id=CVE-2020-1644
17 Jul 2020 — On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions p... • https://kb.juniper.net/JSA11032 • CWE-20: Improper Input Validation CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0CVE-2020-1640 – Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash.
https://notcve.org/view.php?id=CVE-2020-1640
17 Jul 2020 — An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required. This issue can b... • https://kb.juniper.net/JSA11024 • CWE-20: Improper Input Validation CWE-1173: Improper Use of Validation Framework •
CVSS: 9.8EPSS: 5%CPEs: 277EXPL: 0CVE-2020-1631 – Juniper Junos OS Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-1631
04 May 2020 — A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with 'world' readable permission file or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as u... • https://kb.juniper.net/JSA11021 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path •