Page 4 of 94 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. Una vulnerabilidad de exposición de recursos a una esfera incorrecta en el Packet Forwarding Engine (PFE) de Juniper Networks Junos OS en la serie MX permite a un atacante no autenticado basado en la red eludir las restricciones de acceso previstas. En un escenario de Abstracted Fabric (AF), si se configuran instancias de enrutamiento (RI), el tráfico válido específico destinado al dispositivo puede omitir los filtros de firewall lo0 configurados, ya que se recibe en el contexto de RI incorrecto. Este problema afecta a Juniper Networks Junos OS en la serie MX: * Todas las versiones anteriores a 20.4R3-S9; * Versiones 21.2 anteriores a 21.2R3-S3; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3; * Versiones 22.2 anteriores a 22.2R3; * Versiones 22.3 anteriores a 22.3R2. • https://supportportal.juniper.net/JSA75738 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 5.3EPSS: 0%CPEs: 152EXPL: 0

A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is not impacted by this issue and there is no impact on traffic. This issue only affects devices with NSR enabled. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO. Una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria en el Routing Protocol Daemon (RPD) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque una denegación de servicio (DoS). Si un atacante envía un mensaje de ACTUALIZACIÓN de BGP específico al dispositivo, esto provocará una sobrescritura de la memoria y, por lo tanto, un bloqueo del RPD y un reinicio en el Routing Engine (RE) de respaldo. • https://supportportal.juniper.net/JSA75735 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2. Una vulnerabilidad de validación inadecuada de la corrección sintáctica de la entrada en el Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante no autenticado basado en la red provoque una denegación de servicio (DoS). Si un atacante envía una alta tasa de tráfico ICMP específico a un dispositivo con VXLAN configurado, esto provoca un bloqueo del PFE y hace que el dispositivo deje de responder. Será necesario reiniciar manualmente para recuperar el dispositivo. • https://advisory.juniper.net/JSA75734 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-1286: Improper Validation of Syntactic Correctness of Input •

CVSS: 5.5EPSS: 0%CPEs: 74EXPL: 0

A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. Una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria en el Network Services Daemon (NSD) de Juniper Networks Junos OS permite que un atacante local autenticado y con pocos privilegios provoque una denegación de servicio (DoS). En un dispositivo de la serie SRX 5000, al ejecutar un comando específico repetidamente, la memoria se daña, lo que provoca un bloqueo del Flow Processing Daemon (flowd). El proceso NSD debe reiniciarse para restaurar los servicios. Si ocurre este problema, se puede verificar con el siguiente comando: usuario@host&gt; solicitar políticas de seguridad verificar También se puede observar el siguiente mensaje de registro: Error: policies are out of sync for PFE node.fpc.pic. • https://supportportal.juniper.net/JSA75733 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 91EXPL: 0

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3. Una vulnerabilidad de escritura fuera de los límites en J-Web de Juniper Networks Junos OS en las series SRX y EX permite que un atacante basado en red no autenticado provoque una denegación de servicio (DoS) o una ejecución remota de código (RCE) y obtenga privilegios de root en el dispositivo. Este problema se debe al uso de una función insegura que permite a un atacante sobrescribir la memoria arbitraria. Este problema afecta a las series Junos OS SRX y EX de Juniper Networks: * Versiones de Junos OS anteriores a 20.4R3-S9; * Versiones de Junos OS 21.2 anteriores a 21.2R3-S7; * Versiones de Junos OS 21.3 anteriores a 21.3R3-S5; * Versiones de Junos OS 21.4 anteriores a 21.4R3-S5; * Versiones de Junos OS 22.1 anteriores a 22.1R3-S4; * Versiones de Junos OS 22.2 anteriores a 22.2R3-S3; * Versiones de Junos OS 22.3 anteriores a 22.3R3-S2; * Versiones de Junos OS 22.4 anteriores a 22.4R2-S2, 22.4R3. • https://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.html https://supportportal.juniper.net/JSA75729 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N • CWE-787: Out-of-bounds Write •