CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47497 – Junos OS: SRX Series, QFX Series, MX Series and EX Series: Receiving specific HTTPS traffic causes resource exhaustion
https://notcve.org/view.php?id=CVE-2024-47497
11 Oct 2024 — An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart. The following command can be u... • https://supportportal.juniper.net • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47496 – Junos OS: MX Series: The PFE will crash on running specific command
https://notcve.org/view.php?id=CVE-2024-47496
11 Oct 2024 — A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition. This issue only affects MX Series devices with Line cards MPC1-MPC9. This issue affects: Junos OS on MX Series: * All versions befo... • https://supportportal.juniper.net • CWE-476: NULL Pointer Dereference •
CVSS: 8.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47495 – Junos OS Evolved: In a dual-RE scenario a locally authenticated attacker with shell privileges can take over the device.
https://notcve.org/view.php?id=CVE-2024-47495
11 Oct 2024 — An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices. This issue affects: Juniper Networks Junos OS Evolved with dual-REs: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from... • https://kb.juniper.net/JSA88122 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47494 – Junos OS: Due to a race condition AgentD process causes a memory corruption and FPC reset
https://notcve.org/view.php?id=CVE-2024-47494
11 Oct 2024 — A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recove... • https://supportportal.juniper.net/JSA88121 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47493 – Junos OS: MX Series: Trio-based FPCs: Continuous physical Interface flaps causes local FPC to crash
https://notcve.org/view.php?id=CVE-2024-47493
11 Oct 2024 — A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the SRX5K, SRX4600 and MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes local FPC to eventually run out ... • https://supportportal.juniper.net • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.7EPSS: 0%CPEs: 12EXPL: 0CVE-2024-47491 – Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP path attribute leads to an RPD crash
https://notcve.org/view.php?id=CVE-2024-47491
11 Oct 2024 — An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. Continuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices. Th... • https://supportportal.juniper.net • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47490 – Junos OS Evolved: ACX 7000 Series: Receipt of specific transit MPLS packets causes resources to be exhausted
https://notcve.org/view.php?id=CVE-2024-47490
11 Oct 2024 — An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS). When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt ... • https://supportportal.juniper.net/JSA83009 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47489 – Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE
https://notcve.org/view.php?id=CVE-2024-47489
11 Oct 2024 — An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices. Receipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols. This influx of... • https://supportportal.juniper.net • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39563 – Junos Space: Remote Command Execution (RCE) vulnerability in web application
https://notcve.org/view.php?id=CVE-2024-39563
11 Oct 2024 — A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device. A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can exploit this vulne... • https://supportportal.juniper.net/JSA88110 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 13EXPL: 0CVE-2024-39547 – Junos OS and Junos OS Evolved: cRPD: Receipt of crafted TCP traffic can trigger high CPU utilization
https://notcve.org/view.php?id=CVE-2024-39547
11 Oct 2024 — An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process. While not explicitly required, ... • https://supportportal.juniper.net/JSA88108 • CWE-755: Improper Handling of Exceptional Conditions •