CVSS: 6.5EPSS: 0%CPEs: 381EXPL: 0CVE-2022-22160 – Junos OS: MX Series: The bbe-smgd process crashes if an unsupported configuration exists and a PPPoE client sends a specific message
https://notcve.org/view.php?id=CVE-2022-22160
An Unchecked Error Condition vulnerability in the subscriber management daemon (smgd) of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to cause a crash of and thereby a Denial of Service (DoS). In a subscriber management / broadband edge environment if a single session group configuration contains dual-stack and a pp0 interface, smgd will crash and restart every time a PPPoE client sends a specific message. This issue affects Juniper Networks Junos OS on MX Series: 16.1 version 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1. Una vulnerabilidad de condición de error no comprobada en el demonio de gestión de suscriptores (smgd) del sistema operativo Junos de Juniper Networks permite que un atacante adyacente no autenticado provoque un bloqueo y, por tanto, una denegación de servicio (DoS). • https://kb.juniper.net/JSA11268 • CWE-391: Unchecked Error Condition •
CVSS: 9.3EPSS: 0%CPEs: 114EXPL: 0CVE-2022-22157 – Junos OS: SRX Series: Traffic classification vulnerability when 'no-syn-check' is enabled
https://notcve.org/view.php?id=CVE-2022-22157
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifies out-of-state asymmetric TCP flows as the dynamic-application INCONCLUSIVE instead of UNKNOWN, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied. This issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device. This issue affects Juniper Networks Junos OS on SRX Series: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R2-S5, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. • https://kb.juniper.net/JSA11265 • CWE-863: Incorrect Authorization •
CVSS: 7.4EPSS: 0%CPEs: 112EXPL: 1CVE-2022-22156 – Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL
https://notcve.org/view.php?id=CVE-2022-22156
An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The following command can be executed by an administrator via the CLI to refresh a script from a remote location, which is affected from this vulnerability: >request system scripts refresh-from (commit | event | extension-service | op | snmp) file filename url <https-url> This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R1-S1, 21.1R2. Una debilidad de comprobación de certificados inapropiada en el Sistema Operativo Junos de Juniper Networks permite a un atacante llevar a cabo ataques de tipo Person-in-the-Middle (PitM) cuando es obtenida una secuencia de comandos del sistema desde una fuente remota en una URL HTTPS especificada, que puede comprometer la integridad y la confidencialidad del dispositivo. El siguiente comando puede ser ejecutado por un administrador por medio de la CLI para refrescar un script desde una ubicación remota, lo cual está afectado por esta vulnerabilidad: )request system scripts refresh-from (commit | event | extension-service | op | snmp) file filename url (https-url) Este problema afecta a: Juniper Networks Junos OS Todas las versiones anteriores a 18.4R2-S9, 18.4R3-S9; 19.1 versiones anteriores a 19.1R2-S3, 19.1R3-S7; 19.2 versiones anteriores a 19.2R1-S7, 19.2R3-S3; 19.3 versiones anteriores a 19.3R3-S4; 19. 4 versiones anteriores a 19.4R3-S7; 20.1 versiones anteriores a 20.1R2-S2, 20.1R3; 20.2 versiones anteriores a 20.2R3; versiones 20.3 anteriores a 20.3R2-S1, 20.3R3; 20.4 versiones anteriores a 20.4R2; 21.1 versiones anteriores a 21.1R1-S1, 21.1R2 • https://kb.juniper.net/JSA11264 • CWE-295: Improper Certificate Validation CWE-300: Channel Accessible by Non-Endpoint CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 5.9EPSS: 0%CPEs: 227EXPL: 0CVE-2021-31386 – Junos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks.
https://notcve.org/view.php?id=CVE-2021-31386
A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Una vulnerabilidad de fallo del mecanismo de protección en el servicio J-Web HTTP de Juniper Networks Junos OS permite a un atacante remoto no autenticado llevar a cabo ataques de tipo Person-in-the-Middle (PitM) contra el dispositivo. Este problema afecta a: Juniper Networks Junos OS 12.3 versiones anteriores a 12.3R12-S20; 15.1 versiones anteriores a 15.1R7-S11; versiones 18.3 anteriores a 18.3R3-S6; versiones 18.4 anteriores a 18.4R3-S10; versiones 19.1 anteriores a 19.1R3-S7; versiones 19.2 anteriores a 19.2R3-S4; 19. 3 versiones anteriores a 19.3R3-S4; versiones 19.4 anteriores a 19.4R3-S6; versiones 20.1 anteriores a 20.1R3-S2; versiones 20.2 anteriores a 20.2R3-S3; versiones 20.3 anteriores a 20.3R3-S1; versiones 20.4 anteriores a 20.4R3; versiones 21.1 anteriores a 21.1R3; 21.2 versiones anteriores a 21.2R2 • https://kb.juniper.net/JSA11254 • CWE-300: Channel Accessible by Non-Endpoint CWE-311: Missing Encryption of Sensitive Data CWE-325: Missing Cryptographic Step CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 0%CPEs: 211EXPL: 0CVE-2021-31385 – Junos OS: J-Web: A path traversal vulnerability allows an authenticated attacker to elevate their privileges to root
https://notcve.org/view.php?id=CVE-2021-31385
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta") en J-Web de Juniper Networks Junos OS permite a cualquier atacante autenticado poco privilegiado elevarlos a root. Este problema afecta a: Juniper Networks Junos OS 12.3 versiones anteriores a 12.3R12-S19; 15.1 versiones anteriores a 15.1R7-S10; versiones 18.3 anteriores a 18.3R3-S5; versiones 18.4 anteriores a 18.4R3-S9; versiones 19.1 anteriores a 19.1R3-S6; versiones 19.2 anteriores a 19.2R1-S7, 19.2R3-S3; 19. 3 versiones anteriores a 19.3R3-S3; versiones 19.4 anteriores a 19.4R3-S5; versiones 20.1 anteriores a 20.1R2-S2, 20.1R3-S1; versiones 20.2 anteriores a 20.2R3-S2; versiones 20.3 anteriores a 20.3R3; versiones 20.4 anteriores a 20.4R2-S1, 20.4R3; versiones 21.1 anteriores a 21.1R1-S1, 21.1R2 • https://kb.juniper.net/JSA11253 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •