CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 0CVE-2022-22170 – Junos OS: Specific packets over VXLAN cause FPC memory leak and ultimately reset
https://notcve.org/view.php?id=CVE-2022-22170
A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and on exhaustion the PFE to reset. The heap memory utilization can be monitored with the command: user@host> show chassis fpc This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions of Junos OS prior to 19.4R1. Una vulnerabilidad de Falta de Liberación de Recursos Después del Tiempo de Vida Efectivo en el Motor de Reenvío de Paquetes (PFE) del Sistema Operativo Junos de Juniper Networks permite a un atacante no autenticado en red causar una denegación de servicio (DoS) mediante el envío de paquetes específicos a través de VXLAN que causan una pérdida de memoria de la pila y, al agotarse, el PFE es reiniciado. El uso de la memoria de la pila puede supervisarse con el comando: user@host) show chassis fpc Este problema afecta a: Juniper Networks Junos OS 19.4 versiones anteriores a 19.4R2-S6, 19.4R3-S6; 20.1 versiones anteriores a 20.1R3-S2; versiones 20.2 anteriores a 20.2R3-S3; versiones 20.3 anteriores a 20.3R3-S1; versiones 20.4 anteriores a 20.4R3; versiones 21.1 anteriores a 21.1R3; versiones 21.2 anteriores a 21.2R2. • https://kb.juniper.net/JSA11277 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 84EXPL: 0CVE-2022-22168 – Junos OS: vMX and MX150: Specific packets might cause a memory leak and eventually an FPC reboot
https://notcve.org/view.php?id=CVE-2022-22168
An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to an FPC reboot and thereby a Denial of Service (DoS). This issue affects: Juniper Networks Junos OS on vMX and MX150: All versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. Una vulnerabilidad de Comprobación Inapropiada del Tipo de Entrada especificado en el kernel del Sistema Operativo Junos de Juniper Networks permite a un atacante adyacente no autenticado desencadenar una vulnerabilidad de Falta de Liberación de Memoria Después del Tiempo de Vida Efectivo. Una explotación continuada de esta vulnerabilidad conllevará finalmente a un reinicio del FPC y, por tanto, una denegación de servicio (DoS). • https://kb.juniper.net/JSA11275 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 9.0EPSS: 0%CPEs: 412EXPL: 0CVE-2021-31382 – Junos OS: PTX1000 System, PTX10002-60C System: After upgrading, configured firewall filters may be applied on incorrect interfaces
https://notcve.org/view.php?id=CVE-2021-31382
On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. • https://kb.juniper.net/JSA11250 https://kb.juniper.net/KB10956 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •