
CVE-2021-0236 – Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core.
https://notcve.org/view.php?id=CVE-2021-0236
22 Apr 2021 — Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved, the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue a... • https://kb.juniper.net/JSA11131 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2021-0235 – Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks
https://notcve.org/view.php?id=CVE-2021-0235
22 Apr 2021 — On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to an incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant.... • https://kb.juniper.net/JSA11130 • CWE-276: Incorrect Default Permissions •

CVE-2021-0234 – Junos OS: QFX5100-96S: DDoS protection does not work as expected.
https://notcve.org/view.php?id=CVE-2021-0234
22 Apr 2021 — Due to an improper initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. The DDoS protection (jddosd) daemon allows the device to continue to function while protecting the packet forwarding engine (PFE) during the DDoS attack. When this issue occurs, the default DDoS settings within the PFE apply,... • https://kb.juniper.net/JSA11129 • CWE-665: Improper Initialization •

CVE-2021-0233 – Junos OS: ACX500 Series, ACX4000 Series: Denial of Service due to FFEB crash while processing high rate of specific packets.
https://notcve.org/view.php?id=CVE-2021-0233
22 Apr 2021 — A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. Continued receipt of these packets will sustain the Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX500 Series, ACX4000 Series: 17.4 versions prior to 17.4R3-S2. • https://kb.juniper.net/JSA11128 • CWE-400: Uncontrolled Resource Consumption • CWE-794: Incomplete Filtering of Multiple Instances of Special Elements •

CVE-2021-0231 – Junos OS: SRX, vSRX Series: J-Web Path traversal vulnerability in SRX and vSRX Series leads to information disclosure.
https://notcve.org/view.php?id=CVE-2021-0231
22 Apr 2021 — A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-Web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2; This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1. • https://kb.juniper.net/JSA11126 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2021-0230 – Junos OS: SRX Series: Memory leak when querying Aggregated Ethernet (AE) interface statistics
https://notcve.org/view.php?id=CVE-2021-0230
22 Apr 2021 — On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The following log can be seen if this issue happens. /kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72 /kernel: rt_pfe_veto: free km... • https://kb.juniper.net/JSA11125 • CWE-400: Uncontrolled Resource Consumption • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2021-0229 – Junos OS: Receipt of specific packets could lead to Denial of Service in MQTT Server
https://notcve.org/view.php?id=CVE-2021-0229
22 Apr 2021 — An uncontrolled resource consumption vulnerability in the Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause the MQTT server to crash and restart, leading to a Denial of Service (DoS), by sending a stream of specific packets. A Juniper Extension Toolkit (JET) application designed with a listening port uses the Message Queue Telemetry Transport (MQTT) protocol to connect to a mosquitto broker that is running on Junos OS to subscribe for events. Continued receipt an... • https://kb.juniper.net/JSA11124 • CWE-400: Uncontrolled Resource Consumption •

CVE-2021-0228 – Junos OS: MX Series: DDoS LACP violation upon receipt of specific layer 2 frames in EVPN-VXLAN deployment
https://notcve.org/view.php?id=CVE-2021-0228
22 Apr 2021 — An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in an Ethernet VPN (EVPN)-Virtual Extensible LAN (VXLAN) configuration may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to trigger unexpectedly, resulting in traffic impact. Continued receipt and processing of these specific Layer 2 frames will sustain the Denial of Service (DoS) cond... • https://kb.juniper.net/JSA11123 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2021-0227 – Junos OS: SRX Series: Denial of Service in J-Web upon receipt of crafted HTTP packets
https://notcve.org/view.php?id=CVE-2021-0227
22 Apr 2021 — An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Juno... • https://kb.juniper.net/JSA11122 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2021-0224 – Junos OS: ANCPD core when hitting maximum-discovery-table-entries limit
https://notcve.org/view.php?id=CVE-2021-0224
22 Apr 2021 — A vulnerability in the handling of internal resources necessary to bring up a large number of Layer 2 broadband remote access subscriber (BRAS) nodes in Juniper Networks Junos OS can cause the Access Node Control Protocol daemon (ANCPD) to crash and restart, leading to a Denial of Service (DoS) condition. Continued processing of spoofed subscriber nodes will create a sustained Denial of Service (DoS) condition. When the number of subscribers attempting to connect exceeds the configured maximum-discovery-tab... • https://kb.juniper.net/JSA11119 • CWE-770: Allocation of Resources Without Limits or Throttling •