CVSS: 6.5EPSS: 0%CPEs: 143EXPL: 0CVE-2023-22392 – Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as the hardware doesn't support them, lead to an FPC heap memory leak
https://notcve.org/view.php?id=CVE-2023-22392
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc". The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed. expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware expr_dfw_base_hw_add:52 Failed to add h/w sfm data. expr_dfw_base_hw_create:114 Failed to add h/w data. expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__ expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0 expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0! expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure expr_dfw_bp_topo_handler:1102 Failed to program fnum. expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__. This issue affects Juniper Networks Junos OS: on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S2, 21.4R3; * 22.1 versions prior to 22.1R1-S2, 22.1R2. on PTX3000, PTX5000, QFX10000: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3 * 22.2 versions prior to 22.2R3-S1 * 22.3 versions prior to 22.3R2-S2, 22.3R3 * 22.4 versions prior to 22.4R2. Una vulnerabilidad de liberación de memoria faltante después de la vida útil efectiva en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante adyacente no autenticado provoque una Denegación de Servicio (DoS). • https://supportportal.juniper.net/JSA73530 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.1EPSS: 0%CPEs: 44EXPL: 0CVE-2023-44190 – Junos OS Evolved: PTX10001, PTX10004, PTX10008, PTX10016: MAC address validation bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-44190
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016: * All versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions 22.2R1-EVO and later; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO. Una vulnerabilidad de validación de origen en la validación de direcciones MAC de Juniper Networks Junos OS Evolved en dispositivos PTX10001, PTX10004, PTX10008 y PTX10016 permite que un atacante adyacente a la red omita la verificación de direcciones MAC, lo que permite reenviar direcciones MAC que no están destinadas a llegar a la LAN adyacente a la red descendente. Debido a este problema, el router comenzará a reenviar tráfico si hay una ruta válida en la tabla de reenvío, lo que provocará un bucle y una congestión en el dominio de capa 2 descendente conectado al dispositivo. Este problema afecta a Juniper Networks Junos OS Evolved en PTX10001, PTX10004, PTX10008 y PTX10016: * Todas las versiones anteriores a 21.4R3-S5-EVO; * Versiones 22.1 anteriores a 22.1R3-S4-EVO; * 22.2 versiones 22.2R1-EVO y posteriores; * Versiones 22.3 anteriores a 22.3R2-S2-EVO, 22.3R3-S1-EVO; * Versiones 22.4 anteriores a 22.4R2-S1-EVO, 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R1-S1-EVO, 23.2R2-EVO. • https://supportportal.juniper.net/JSA73154 • CWE-346: Origin Validation Error •
CVSS: 6.1EPSS: 0%CPEs: 42EXPL: 0CVE-2023-44189 – Junos OS Evolved: PTX10003 Series: MAC address validation bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-44189
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series: * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 version 22.2R1-EVO and later versions; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO. Una vulnerabilidad de validación de origen en la validación de direcciones MAC de Juniper Networks Junos OS Evolved en la serie PTX10003 permite que un atacante adyacente a la red omita la verificación de direcciones MAC, lo que permite que las direcciones MAC que no están destinadas a llegar a la LAN adyacente se reenvíen a la red descendente. Debido a este problema, el router comenzará a reenviar tráfico si hay una ruta válida en la tabla de reenvío, lo que provocará un bucle y una congestión en el dominio de capa 2 descendente conectado al dispositivo. Este problema afecta a Juniper Networks Junos OS Evolved en la serie PTX10003: * Todas las versiones anteriores a 21.4R3-S4-EVO; * Versiones 22.1 anteriores a 22.1R3-S3-EVO; * 22.2 versión 22.2R1-EVO y versiones posteriores; * Versiones 22.3 anteriores a 22.3R2-S2-EVO, 22.3R3-S1-EVO; * Versiones 22.4 anteriores a 22.4R2-S1-EVO, 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R2-EVO. • https://supportportal.juniper.net/JSA73153 • CWE-346: Origin Validation Error •
CVSS: 5.3EPSS: 0%CPEs: 96EXPL: 0CVE-2023-44188 – Junos OS: jkdsd crash due to multiple telemetry requests
https://notcve.org/view.php?id=CVE-2023-44188
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition. This issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart. Note: jkdsd is not shipped with SRX Series devices and therefore are not affected by this vulnerability. This issue affects: Juniper Networks Junos OS: * 20.4 versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.1 versions prior to 23.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1. Una vulnerabilidad de condición de ejecución de Tiempo de Verificación y Tiempo de Uso (TOCTOU) en el procesamiento de telemetría de Juniper Networks Junos OS permite que un atacante autenticado basado en red inunde el sistema con múltiples solicitudes de telemetría, lo que provoca que Junos Kernel Debugging Streaming Daemon (jkdsd ) falle el proceso, lo que provoca una Denegación de Servicio (DoS). • https://supportportal.juniper.net/JSA73152 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.9EPSS: 0%CPEs: 66EXPL: 0CVE-2023-44187 – Junos OS Evolved: 'file copy' CLI command can disclose password to shell users
https://notcve.org/view.php?id=CVE-2023-44187
An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S7-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R2-EVO. Una vulnerabilidad de Exposición de Información Confidencial en el comando 'file copy' de Junos OS Evolved permite a un atacante local autenticado con acceso al shell ver las contraseñas proporcionadas en la línea de comandos CLI. Estas credenciales se pueden utilizar para proporcionar acceso no autorizado al sistema remoto. Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S7-EVO; * 21.1 versiones 21.1R1-EVO y posteriores; * Versiones 21.2 anteriores a 21.2R3-S5-EVO; * Versiones 21.3 anteriores a 21.3R3-S4-EVO; * Versiones 21.4 anteriores a 21.4R3-S4-EVO; * Versiones 22.1 anteriores a 22.1R3-S2-EVO; * Versiones 22.2 anteriores a 22.2R2-EVO. • https://supportportal.juniper.net/JSA73151 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •