CVE-2021-31362 – Junos OS and Junos OS Evolved: An IS-IS adjacency might be taken down if a bad hello PDU is received for an existing adjacency causing a DoS
https://notcve.org/view.php?id=CVE-2021-31362
A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition. Continued receipted of these spoofed PDUs will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Una vulnerabilidad de fallo de mecanismo de protección en RPD (demonio de protocolo de enrutamiento) de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante adyacente no autenticado causar una caída de adyacencias IS-IS establecidas mediante el envío de una PDU de saludo falsa que conlleva a una condición de Denegación de Servicio (DoS). • https://kb.juniper.net/JSA11224 • CWE-693: Protection Mechanism Failure •
CVE-2021-31361 – Junos OS: QFX Series and PTX Series: FPC resource usage increases when certain packets are processed which are being VXLAN encapsulated
https://notcve.org/view.php?id=CVE-2021-31361
An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP packets which are being VXLAN encapsulated leading to a partial Denial of Service (DoS). Continued receipted of these specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX Series: All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS on PTX Series: All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales combinada con una Administración Inapropiada de Condiciones Excepcionales en Juniper Networks Junos OS en las series QFX y PTX permite a un atacante no autenticado basado en la red causar un aumento del uso de la CPU de la FPC mediante el envío de paquetes IP específicos que están siendo encapsulados en VXLAN, conllevando a una Denegación de Servicio (DoS) parcial. • https://kb.juniper.net/JSA11223 • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVE-2021-31360 – Junos OS and Junos OS Evolved: Denial of Service vulnerability in local file processing
https://notcve.org/view.php?id=CVE-2021-31360
An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO. • https://kb.juniper.net/JSA11222 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVE-2021-31359 – Junos OS and Junos OS Evolved: Local Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2021-31359
A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO. • https://kb.juniper.net/JSA11222 • CWE-121: Stack-based Buffer Overflow CWE-269: Improper Privilege Management •
CVE-2021-31355 – Junos OS: Stored Cross-Site Scripting (XSS) vulnerability in captive portal
https://notcve.org/view.php?id=CVE-2021-31355
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper Networks Junos OS: All versions, including the following supported releases: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D220; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R1-S1, 20.2R2; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R2. Una vulnerabilidad de tipo cross-site scripting (XSS) persistente en la interfaz gráfica de usuario del portal cautivo de Juniper Networks Junos OS puede permitir que un usuario remoto autenticado inyecte script web o HTML y robe datos y credenciales confidenciales de una sesión de administración web, posiblemente engañando a un usuario administrativo posterior para que lleve a cabo acciones administrativas en el dispositivo. Este problema afecta a Juniper Networks Junos OS: Todas las versiones, incluidas las siguientes versiones compatibles: versiones 12.3X48 anteriores a 12.3X48-D105; versiones 15.1X49 anteriores a 15.1X49-D220; versiones 18.3 anteriores a 18.3R3-S5; versiones 18.4 anteriores a 18.4R3-S9; versiones 19.1 anteriores a 19.1R3-S7; versiones 19.2 anteriores a 19.2R3-S3; versiones 19. 3 versiones anteriores a 19.3R3-S4; versiones 19.4 anteriores a 19.4R3-S6; versiones 20.1 anteriores a 20.1R3; versiones 20.2 anteriores a 20.2R1-S1, 20.2R2; versiones 20.3 anteriores a 20.3R2; versiones 20.4 anteriores a 20.4R2; versiones 21.1 anteriores a 21.1R2 • https://kb.juniper.net/JSA11220 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •