CVSS: 9.8EPSS: 6%CPEs: 23EXPL: 0CVE-2019-0008 – QFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process
https://notcve.org/view.php?id=CVE-2019-0008
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2. Una cierta secuencia de paquetes BGP o IPv6 BFD válidos puede desencadenar un desbordamiento de búfer basado en pila en Junos OS Packet Forwarding Engine manager (FXPC), en dispositivos de las series QFX5000, EX4300, EX4600. Este problema puede resultar en un fallo del demonio fxpc o puede llevar a la ejecución remota del código. • http://www.securityfocus.com/bid/107897 https://kb.juniper.net/JSA10930 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 198EXPL: 0CVE-2019-0005
https://notcve.org/view.php?id=CVE-2019-0005
On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2. En las series EX2300, EX3400, EX4600, QFX3K y QFX5K, la configuración del filtro del firewall no puede realizar la concordancia de paquetes en ninguna cabecera de extensión IPv6. • http://www.securityfocus.com/bid/106665 https://kb.juniper.net/JSA10905 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 1%CPEs: 75EXPL: 0CVE-2019-0001 – Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd).
https://notcve.org/view.php?id=CVE-2019-0001
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. La recepción de un paquete mal formado en dispositivos MX Series con una configuración vlan dinámica puede desencadenar un bucle de recursión no controlado en el demonio de gestión de suscriptores Broadband Edge (bbe-smgd) y conducir a un alto uso de CPU y el cierre inesperado del servicio bbe-smgd. La recepción repetida del mismo paquete puede resultar en una condición de denegación de servicio (DoS) extendida para los dispositivos. • http://www.securityfocus.com/bid/106541 https://kb.juniper.net/JSA10900 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 147EXPL: 0CVE-2019-0012 – Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message
https://notcve.org/view.php?id=CVE-2019-0012
A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81; 12.3 versions prior to 12.3R12-S12; 12.3X48 versions prior to 12.3X48-D76; 14.1X53 versions prior to 14.1X53-D48; 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3. • http://www.securityfocus.com/bid/106536 https://kb.juniper.net/JSA10912 •
CVSS: 5.5EPSS: 0%CPEs: 95EXPL: 0CVE-2019-0015 – Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot
https://notcve.org/view.php?id=CVE-2019-0015
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. • http://www.securityfocus.com/bid/106668 https://kb.juniper.net/JSA10915 • CWE-613: Insufficient Session Expiration •