CVE-2021-31382 – Junos OS: PTX1000 System, PTX10002-60C System: After upgrading, configured firewall filters may be applied on incorrect interfaces
https://notcve.org/view.php?id=CVE-2021-31382
On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. • https://kb.juniper.net/JSA11250 https://kb.juniper.net/KB10956 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-31378 – Junos OS: An attacker sending spoofed RADIUS messages to a Junos OS device configured for broadband services may cause broadband subscribers to remain stuck in a "Terminating" state.
https://notcve.org/view.php?id=CVE-2021-31378
In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be forced into a "Terminating" state by an attacker who is able to send spoofed messages appearing to originate from trusted RADIUS server(s) destined to the device in response to the subscriber's request. These spoofed messages cause the Junos OS General Authentication Service (authd) daemon to force the broadband subscriber into this "Terminating" state which the subscriber will not recover from thereby causing a Denial of Service (DoS) to the endpoint device. Once in the "Terminating" state, the endpoint subscriber will no longer be able to access the network. Restarting the authd daemon on the Junos OS device will temporarily clear the subscribers out of the "Terminating" state. As long as the attacker continues to send these spoofed packets and subscribers request to be logged out, the subscribers will be returned to the "Terminating" state thereby creating a persistent Denial of Service to the subscriber. • https://kb.juniper.net/JSA11246 https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-sessions/topics/topic-map/general-authentication-service-events-tracing.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2021-31377 – Junos OS: A local authenticated attacker can cause RPD to core
https://notcve.org/view.php?id=CVE-2021-31377
An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon (RPD) to crash and restart, causing a Denial of Service (DoS). Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2. Una vulnerabilidad de Asignación Incorrecta de Permisos para Recursos Críticos de un determinado archivo del sistema de archivos de Junos OS permite a un atacante local autenticado causar el bloqueo y el reinicio del demonio de proceso de enrutamiento (RPD), causando una Denegación de Servicio (DoS). Las acciones repetidas del atacante crearán una condición de Denegación de Servicio (DoS) sostenida. • https://kb.juniper.net/JSA11242 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-31372 – Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root.
https://notcve.org/view.php?id=CVE-2021-31372
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2; Una vulnerabilidad de comprobación de entrada inapropiada en J-Web de Juniper Networks Junos OS permite a un atacante de J-Web autenticado localmente escalar sus privilegios a root sobre el dispositivo de destino. Este problema afecta a: Juniper Networks Junos OS Todas las versiones anteriores a 18.3R3-S5; versiones 18.4 anteriores a 18.4R3-S9; versiones 19.1 anteriores a 19.1R3-S6; versiones 19.2 anteriores a 19.2R3-S3; versiones 19.3 anteriores a 19.3R3-S3; versiones 19.4 anteriores a 19. 4R3-S5; versiones 20.1 anteriores a 20.1R3-S1; versiones 20.2 anteriores a 20.2R3-S2; versiones 20.3 anteriores a 20.3R3-S1; versiones 20.4 anteriores a 20.4R3; versiones 21.1 anteriores a 21.1R2, 21.1R3; 21.2 versiones anteriores a 21.2R1-S1, 21.2R2 • https://kb.juniper.net/JSA11237 • CWE-20: Improper Input Validation •
CVE-2021-31371 – Junos OS: QFX5000 Series: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces.
https://notcve.org/view.php?id=CVE-2021-31371
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS on QFX5110, QFX5120, QFX5200, QFX5210 Series, and QFX5100 with QFX 5e Series image installed: All versions prior to 17.3R3-S12; 18.1 versions prior to 18.1R3-S13; 18.3 versions prior to 18.3R3-S5; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; El sistema operativo Junos de Juniper Networks utiliza la subred 128.0.0.0/2 para las comunicaciones internas entre el RE y los PFE. Se ha descubierto que los paquetes que utilizan estas direcciones IP pueden salir de un conmutador de la serie QFX5000, filtrando información de configuración como los latidos del corazón, las versiones del kernel, etc. a Internet, lo que lleva a una vulnerabilidad de exposición de información. Este problema afecta al sistema operativo Junos de Juniper Networks en las series QFX5110, QFX5120, QFX5200, QFX5210 y QFX5100 con la imagen de la serie QFX 5e instalada: Todas las versiones anteriores a 17.3R3-S12; 18.1 versiones anteriores a 18.1R3-S13; 18.3 versiones anteriores a 18.3R3-S5; 19.1 versiones anteriores a 19.1R3-S6; 19.2 versiones anteriores a 19.2R1-S7, 19.2R3-S3; 19.3 versiones anteriores a 19.3R2-S6, 19.3R3-S3; 19. 4 versiones anteriores a 19.4R1-S4, 19.4R3-S5; 20.1 versiones anteriores a 20.1R2-S2, 20.1R3-S1; 20.2 versiones anteriores a 20.2R3-S2; 20.3 versiones anteriores a 20.3R3-S1; 20.4 versiones anteriores a 20.4R2-S1, 20.4R3; 21.1 versiones anteriores a 21.1R1-S1, 21.1R2; • https://kb.juniper.net/JSA11236 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •