CVSS: 7.8EPSS: 0%CPEs: 183EXPL: 0CVE-2021-0255 – Junos OS: ethtraceroute Local Privilege Escalation vulnerability in SUID binaries
https://notcve.org/view.php?id=CVE-2021-0255
A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run ethtraceroute with root privileges. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D240; 17.3 versions prior to 17.3R3-S11, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1. Una vulnerabilidad de escalada de privilegios local en ethtraceroute de Juniper Networks Junos OS, puede permitir a un usuario autenticado localmente con acceso de shell escalar privilegios y escribir en el sistema de archivos local como root. ethtraceroute es enviado con los permisos setuid habilitados y es propiedad del usuario root, permitiendo a usuarios locales locales ejecutar ethtraceroute con privilegios de root. Este problema afecta a Junos de Juniper Networks OS: versiones 15.1X49 anteriores a 15.1X49-D240; Versiones 17.3 anteriores a 17.3R3-S11, versiones 17.4 anteriores a 17.4R3-S4; versiones 18.1 anteriores a 18.1R3-S12; versiones 18.2 anteriores a 18.2R3-S7; versiones 18.3 anteriores a 18.3R3-S4; versiones 18.4 anteriores a 18.4R2-S7; versiones 19.1 anteriores a 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; versiones 19.3 anteriores a 19.3R3-S2; versiones 19.4 anteriores a 19.4R3-S1; versiones 20.1 anteriores a 20.1R2, 20.1R3; versiones 20.2 anteriores a 20.2R2-S1, 20.2R3 • https://kb.juniper.net/JSA11175 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 235EXPL: 0CVE-2021-0254 – Junos OS: Remote code execution vulnerability in overlayd service
https://notcve.org/view.php?id=CVE-2021-0254
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. • https://kb.juniper.net/JSA11147 • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 184EXPL: 0CVE-2021-0245 – Junos OS: Junos Fusion: Hard-coded credentials on satellite devices allows a locally authenticated attacker to elevate their privileges.
https://notcve.org/view.php?id=CVE-2021-0245
A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device. This issue affects: Juniper Networks Junos OS Junos Fusion Satellite Devices. 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3-S2; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10; 17.4 version 17.4R3 and later versions; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affected Junos OS releases prior to 16.1R1 or all 19.2R3 and 19.4R3 release versions. Una vulnerabilidad de Uso de Credenciales Embebidas en Juniper Networks Junos OS en dispositivos satelitales Junos Fusion, permite a un atacante que es local al dispositivo elevar sus privilegios y tomar el control del dispositivo. Este problema afecta a: Juniper Networks Junos OS Junos Fusion Satellite Devices versiones 16.1 anteriores a 16.1R7-S7; versiones 17.1 anteriores a 17.1R2-S12, 17.1R3-S2; versiones 17.2 anteriores a 17.2R3-S4; versiones 17.3 anteriores a 17.3R3-S8; versiones 17.4 anteriores a 17.4R2-S10; versiones 17.4, 17.4R3 y versiones posteriores; versiones 18.1 anteriores a 18.1R3-S10; versiones 18.2 anteriores a 18.2R2-S7, 18.2R3-S3; versiones 18.3 anteriores a 18.3R1-S7, 18.3R2-S4, 18.3R3-S2; versiones 18.4 anteriores a 18.4R1-S6, 18.4R2-S4, 18.4R3-S1;  versiones 19.1anteriores a 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versiones anteriores a 19.2R1-S4, 19.2R2; versiones 19.3 anteriores a 19.3R2-S5, 19.3R3; versiones 19. • https://kb.juniper.net/JSA11138 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.7EPSS: 0%CPEs: 172EXPL: 0CVE-2021-0243 – Junos OS: EX4300: Stateless firewall policer fails to discard traffic
https://notcve.org/view.php?id=CVE-2021-0243
Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition. When the firewall policer discard action fails on a Layer 2 port, it will allow traffic to pass even though it exceeds set policer limits. Traffic will not get discarded, and will be forwarded even though a policer discard action is configured. When the issue occurs, traffic is not discarded as desired, which can be observed by comparing the Input bytes with the Output bytes using the following command: user@junos> monitor interface traffic Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 37425422 (82616) 37425354 (82616) <<<< egress ge-0/0/1 Up 37425898 (82616) 37425354 (82616) <<<< ingress The expected output, with input and output counters differing, is shown below: Interface Link Input bytes (bps) Output bytes (bps) ge-0/0/0 Up 342420570 (54600) 342422760 (54600) <<<< egress ge-0/0/1 Up 517672120 (84000) 342420570 (54600) <<<< ingress This issue only affects IPv4 policing. IPv6 traffic and firewall policing actions are not affected by this issue. • https://kb.juniper.net/JSA11136 • CWE-241: Improper Handling of Unexpected Data Type •
CVSS: 6.5EPSS: 0%CPEs: 181EXPL: 0CVE-2021-0242 – Junos OS: EX4300: FPC crash upon receipt of specific frames on an interface without L2PT or dot1x configured
https://notcve.org/view.php?id=CVE-2021-0242
A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. When this issue occurs, DMA buffer usage keeps increasing and the following error log messages may be observed: Apr 14 14:29:34.360 /kernel: pid 64476 (pfex_junos), uid 0: exited on signal 11 (core dumped) Apr 14 14:29:33.790 init: pfe-manager (PID 64476) terminated by signal number 11. Core dumped! • https://kb.juniper.net/JSA11135 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-241: Improper Handling of Unexpected Data Type CWE-770: Allocation of Resources Without Limits or Throttling •