CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2019-0002 – Junos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect
https://notcve.org/view.php?id=CVE-2019-0002
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter. En las series EX2300 y EX3400, la configuración sin estado del filtro del firewall que emplea la acción "policer" junto con otras acciones podría no aplicarse. Cuando este problema ocurre, el resultado del comando show pfe filter hw summary no mostrará la entrada para: RACL group. • http://www.securityfocus.com/bid/106669 https://kb.juniper.net/JSA10901 https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html • CWE-794: Incomplete Filtering of Multiple Instances of Special Elements •
CVSS: 7.5EPSS: 0%CPEs: 103EXPL: 0CVE-2019-0013 – Junos OS: RPD crash upon receipt of malformed PIM packet
https://notcve.org/view.php?id=CVE-2019-0013
The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue only affects IPv4 PIM. IPv6 PIM is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D77; 15.1 versions prior to 15.1F6-S10, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D233, 15.1X53-D59; 16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R7; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R2-S3, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2. • http://www.securityfocus.com/bid/106519 https://kb.juniper.net/JSA10913 • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 0%CPEs: 147EXPL: 0CVE-2019-0012 – Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message
https://notcve.org/view.php?id=CVE-2019-0012
A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81; 12.3 versions prior to 12.3R12-S12; 12.3X48 versions prior to 12.3X48-D76; 14.1X53 versions prior to 14.1X53-D48; 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3. • http://www.securityfocus.com/bid/106536 https://kb.juniper.net/JSA10912 •
CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0CVE-2019-0016 – Junos Space: Authenticated user able to delete devices without delete device privileges
https://notcve.org/view.php?id=CVE-2019-0016
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. Un usuario autenticado malicioso podría ser capaz de eliminar un dispositivo de la base de datos de Junos Space sin los privilegios necesarios mediante interacciones Ajax manipuladas obtenidas de otra acción legítima eliminada realizada por otro usuario administrativo. Las distribuciones afectadas son: Junos Space en todas sus versiones anteriores a la 18.3R1. • https://kb.juniper.net/JSA10917 •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2019-0017 – Junos Space: Unrestricted file upload vulnerability
https://notcve.org/view.php?id=CVE-2019-0017
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. La aplicación de Junos Space, que permite que los archivos Device Image se suban, tiene una comprobación de validez insuficiente, lo que podría permitir la subida de imágenes o scripts, así como otros tipos de contenido. Las distribuciones afectadas son: Junos Space en todas sus versiones anteriores a la 18.3R1. • https://kb.juniper.net/JSA10917 • CWE-434: Unrestricted Upload of File with Dangerous Type •