CVE-2021-0214 – Junos OS: Denial of Service in ppmd upon receipt of malformed packet
https://notcve.org/view.php?id=CVE-2021-0214
A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Juniper Networks Junos OS may cause receipt of a malformed packet to crash and restart the PPMD process, leading to network destabilization, service interruption, and a Denial of Service (DoS) condition. Continued receipt and processing of these malformed packets will repeatedly crash the PPMD process and sustain the Denial of Service (DoS) condition. Due to the nature of the specifically crafted packet, exploitation of this issue requires direct, adjacent connectivity to the vulnerable component. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2. Una vulnerabilidad en el demonio de administración periódica de paquetes (PPMD) distribuido o centralizado de Juniper Networks Junos OS, puede causar que la recepción de un paquete malformado se bloquee y reinicie el proceso PPMD, conllevando a la desestabilización de la red, la interrupción del servicio y una condición de Denegación de Servicio (DoS) . • https://kb.juniper.net/JSA11117 • CWE-20: Improper Input Validation •
CVE-2021-0223 – Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries
https://notcve.org/view.php?id=CVE-2021-0223
A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R2. Una vulnerabilidad de escalada de privilegios local en telnetd.real de Juniper Networks Junos OS, puede permitir a un usuario de shell autenticado local escalar privilegios y ejecutar comandos arbitrarios como root. telnetd.real es enviado con permisos setuid habilitados y es propiedad del usuario root, permitiendo a usuarios locales ejecutar telnetd.real con privilegios root. Este problema afecta a Juniper Networks Junos OS: todas las versiones anteriores a 15.1R7-S9; versiones 17.3 anteriores a 17.3R3-S11; versiones 17.4 anteriores a 17.4R2-S12, 17.4R3-S3; versiones 18.1 anteriores a 18.1R3-S11; versiones 18.2 anteriores a 18.2R3-S6; versiones 18.3 anteriores a 18.3R2-S4, 18.3R3-S4; versiones 18.4 anteriores a 18.4R2-S7, 18.4R3-S6; versiones 19.1 anteriores a 19.1R2-S2, 19.1R3-S4; versiones 19.2 anteriores a 19.2R1-S6, 19.2R3-S1; versiones 19.3 anteriores a 19.3R3-S1; versiones 19.4 anteriores a 19.4R2-S2, 19.4R3; versiones 20.1 anteriores a 20. • https://kb.juniper.net/JSA11114 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2021-0221 – Junos OS: QFX Series: Traffic loop Denial of Service (DoS) upon receipt of specific IP multicast traffic
https://notcve.org/view.php?id=CVE-2021-0221
In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be used to monitor the interface traffic: user@junos> monitor interface traffic Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 6492089274364 (70994959) 6492089235319 (70994956) et-0/0/25 Up 343458103 (1) 156844 (0) ae0 Up 9132519197257 (70994959) 9132519139454 (70994956) This issue affects Juniper Networks Junos OS on QFX Series: all versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2. En un escenario EVPN/VXLAN, si es configurada una interfaz IRB con una dirección de puerta de enlace virtual (VGA) en un PE, puede ocurrir un bucle de tráfico al recibir tráfico de multidifusión IP específico. El bucle de tráfico causará que un tráfico de la interfaz aumente anormalmente, lo que últimamente conllevará a una Denegación de Servicio (DoS) en el procesamiento de paquetes. • https://kb.juniper.net/JSA11111 • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-0220 – Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI
https://notcve.org/view.php?id=CVE-2021-0220
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1. Se ha encontrado que Junos Space Network Management Platform almacena secretos compartidos en un formato recuperable que puede ser expuesto por medio de la Interfaz de Usuario. • https://kb.juniper.net/JSA11110 • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVE-2021-0219 – Junos OS: Command injection vulnerability in 'request system software' CLI command
https://notcve.org/view.php?id=CVE-2021-0219
A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command 'request system software add validate-on-host' via the CLI. An attacker with access to this CLI command may be able to exploit this vulnerability. This issue affects Juniper Networks Junos OS: all versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R2-S8, 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Una vulnerabilidad de inyección de comandos en el subsistema de comprobación de paquetes de instalación del Juniper Networks Junos OS, que puede permitir a un atacante autenticado localmente privilegiado ejecutar comandos con privilegios root. • https://kb.juniper.net/JSA11109 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •