CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-39546 – Junos OS Evolved: Local low-privilege user can gain root permissions leading to privilege escalation
https://notcve.org/view.php?id=CVE-2024-39546
11 Jul 2024 — A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system. This issue affects Junos OS Evolved: * All versions prior to 21.2R3-S8-EVO, * 21.4 versions prior to 21.4R3-S6-EVO, * 22.1 versions prior to 22.1R3-S5-EVO, * 22.2 ... • https://supportportal.juniper.net/JSA83008 • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2024-39543 – Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash
https://notcve.org/view.php?id=CVE-2024-39543
11 Jul 2024 — A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8, * f... • https://supportportal.juniper.net/JSA83004 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39541 – Junos OS and Junos OS Evolved: Inconsistent information in the TE database can lead to an rpd crash
https://notcve.org/view.php?id=CVE-2024-39541
11 Jul 2024 — An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart. This issue affects: Junos OS: * 22.4 versions before 22.4R3-S1, * 23.2 versions be... • https://supportportal.juniper.net/JSA83001 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39538 – Junos OS Evolved: ACX7000 Series: When multicast traffic with a specific (S,G) is received evo-pfemand crashes
https://notcve.org/view.php?id=CVE-2024-39538
11 Jul 2024 — A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered. This issue affects Junos OS Evolved on ACX7000 Series: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions b... • https://supportportal.juniper.net/JSA82998 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2024-39537 – Junos OS Evolved: ACX7000 Series: Ports which have been inadvertently exposed can be reached over the network
https://notcve.org/view.php?id=CVE-2024-39537
11 Jul 2024 — An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions b... • https://supportportal.juniper.net/JSA82997 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2024-39536 – Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak
https://notcve.org/view.php?id=CVE-2024-39536
11 Jul 2024 — A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavi... • https://supportportal.juniper.net/JSA82996 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39531 – Junos OS Evolved: ACX 7000 Series: Protocol specific DDoS configuration affects other protocols
https://notcve.org/view.php?id=CVE-2024-39531
11 Jul 2024 — An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same queue will have their bandwidth or burst value changed to the new value. If, for example, OSPF was configured with a certain bandwidth value, ISIS would also be... • https://supportportal.juniper.net/JSA82991 • CWE-229: Improper Handling of Values •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2024-39528 – Junos OS and Junos OS Evolved: Concurrent deletion of a routing-instance and receipt of an SNMP request cause an RPD crash
https://notcve.org/view.php?id=CVE-2024-39528
11 Jul 2024 — A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3... • https://supportportal.juniper.net/JSA82987 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2024-39517 – Junos OS and Junos OS Evolved: Upon processing specific L2 traffic, rpd can hang in devices with EVPN/VXLAN configured
https://notcve.org/view.php?id=CVE-2024-39517
10 Jul 2024 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS). In an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore servic... • https://supportportal.juniper.net/JSA79175 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2024-39514 – Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash
https://notcve.org/view.php?id=CVE-2024-39514
10 Jul 2024 — An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition. This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled. This issue affects... • https://supportportal.juniper.net/JSA82980 • CWE-703: Improper Check or Handling of Exceptional Conditions •