CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0026 – Junos OS: Stateless IP firewall filter rules stop working as expected after reboot or upgrade
https://notcve.org/view.php?id=CVE-2018-0026
After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0> show interfaces <interface_name> extensive | match filters" CAM destination filters: 0, CAM source filters: 0 Note: when the issue occurs, it does not show the applied firewall filter. The correct output should show the applied firewall filter, for example: user@re0> show interfaces <interface_name> extensive | match filters" CAM destination filters: 0, CAM source filters: 0 Input Filters: FIREWAL_FILTER_NAME-<interface_name> This issue affects firewall filters for every address family. Affected releases are Juniper Networks Junos OS: 15.1R4, 15.1R5, 15.1R6 and SRs based on these MRs. 15.1X8 versions prior to 15.1X8.3. Tras un reinicio o actualización del dispositivo Junos OS, la configuración del filtro del firewall sin estado podría no surtir efecto. • http://www.securityfocus.com/bid/104720 http://www.securitytracker.com/id/1041315 https://kb.juniper.net/JSA10859 •
CVSS: 5.9EPSS: 0%CPEs: 262EXPL: 0CVE-2018-0034 – Junos OS: A malicious crafted IPv6 DHCP packet may cause the JDHCPD daemon to core
https://notcve.org/view.php?id=CVE-2018-0034
A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon. This issue does not affect IPv4 DHCP packet processing. Affected releases are Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S10 on EX Series; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200; 15.1X53 versions prior to 15.1X53-D471 on NFX 150, NFX 250; 16.1 versions prior to 16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2. Existe una vulnerabilidad de denegación de servicio (DoS) en el demonio JDHCPD en Junos OS, de Juniper Networks, que permite que un atacante elimine el núcleo del demonio JDHCPD mediante el envío de un paquete IPv6 manipulado al sistema. • http://www.securitytracker.com/id/1041338 https://apps.juniper.net/feature-explorer/search.html#q=dhcp https://kb.juniper.net/JSA10868 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 181EXPL: 0CVE-2018-0031 – Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules
https://notcve.org/view.php?id=CVE-2018-0031
Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. • http://www.securitytracker.com/id/1041326 https://kb.juniper.net/JSA10865 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 141EXPL: 0CVE-2018-0029 – Junos OS: Kernel crash (vmcore) during broadcast storm after enabling 'monitor traffic interface fxp0'
https://notcve.org/view.php?id=CVE-2018-0029
While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2. Al experimentar una "tormenta de transmisiones" (broadcast storm), la colocación de la interfaz fxp0 en modo promiscuo mediante la "interfaz fxp0 de tráfico de monitorización" puede provocar que el sistema se cierre inesperadamente y se reinicie (vmcore). • http://www.securitytracker.com/id/1041319 https://kb.juniper.net/JSA10863 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2018-0037 – Junos OS: RPD daemon crashes due to receipt of crafted BGP NOTIFICATION messages
https://notcve.org/view.php?id=CVE-2018-0037
Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Due to design improvements, this issue does not affect Junos OS 16.1R1, and all subsequent releases. This issue only affects the receiving BGP device and is non-transitive in nature. Affected releases are Juniper Networks Junos OS: 15.1F5 versions starting from 15.1F5-S7 and all subsequent releases; 15.1F6 versions starting from 15.1F6-S3 and later releases prior to 15.1F6-S10; 15.1F7 versions 15.1 versions starting from 15.1R5 and later releases, including the Service Releases based on 15.1R5 and on 15.1R6 prior to 15.1R6-S6 and 15.1R7; El proceso RPD (Routing Protocol Daemon) de Junos OS podría cerrarse inesperadamente y reiniciarse o podría conducir a la ejecución remota de código mientras procesa mensajes BGP NOTIFICATION determinados. • http://www.securitytracker.com/id/1041339 https://kb.juniper.net/JSA10871 • CWE-20: Improper Input Validation •