CVE-2018-0009 – SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured.
https://notcve.org/view.php?id=CVE-2018-0009
On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series. En los dispositivos Juniper de la serie SRX, las reglas de firewall configuradas para hacer "match" en UUID de aplicación personalizados que empiezan con ceros pueden hacer "match" en todo el tráfico TCP. A causa de este problema, al tráfico que se debería haber bloqueado por otras reglas se le permite fluir a través del dispositivo, resultando en una condición de omisión de firewall. • http://www.securityfocus.com/bid/102491 http://www.securitytracker.com/id/1040187 https://kb.juniper.net/JSA10836 •
CVE-2018-0002 – MX series, SRX series: Junos OS: Denial of service vulnerability in Flowd on devices with ALG enabled.
https://notcve.org/view.php?id=CVE-2018-0002
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue. En dispositivos de las series SRX y MX con un Service PIC con cualquier ALG habilitado, un paquete de respuesta TCP/IP manipulado procesado por el dispositivo resulta en una corrupción de memoria que provoca que el demonio flowd se cierre de manera inesperada. • http://www.securitytracker.com/id/1040178 https://kb.juniper.net/JSA10829 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-0001 – Junos: Unauthenticated Remote Code Execution through J-Web interface
https://notcve.org/view.php?id=CVE-2018-0001
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70. Un atacante remoto no autenticado podría ejecutar código explotando un defecto de uso de memoria previamente liberada en versiones antiguas de PHP mediante la inyección de datos manipulados a través de URL PHP específicas en el contexto del proceso J-Web. Las distribuciones afectadas son Juniper Networks Junos OS: 12.1X46 anterior a 12.1X46-D67; 12.3 anterior a 12.3R12-S5; 12.3X48 anterior a 12.3X48-D35; 14.1 anterior a 14.1R8-S5, 14.1R9; 14.1X53 anterior a 14.1X53-D44, 14.1X53-D50; 14.2 anterior a 14.2R7-S7, 14.2R8; 15.1 anterior a 15.1R3; 15.1X49 anterior a 15.1X49-D30; 15.1X53 anterior a 15.1X53-D70. • http://www.securityfocus.com/bid/103092 http://www.securitytracker.com/id/1040180 https://kb.juniper.net/JSA10828 • CWE-416: Use After Free •
CVE-2018-0004 – Junos OS: Kernel Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0004
A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running on the system. Once this occurs, the high CPU event(s) affects either or both the forwarding and control plane. As a result of this condition the device can become inaccessible in either or both the control and forwarding plane and stops forwarding traffic until the device is rebooted. The issue will reoccur after reboot upon receiving further transit traffic. • http://www.securitytracker.com/id/1040183 https://kb.juniper.net/JSA10832 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-10614 – Junos OS: A remote unauthenticated attacker can consume large amounts of CPU and/or memory through telnetd
https://notcve.org/view.php?id=CVE-2017-10614
A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47. Un vulnerabilidad en el servicio telnetd en Junos OS permite a un atacante remoto provocar un ataque de denegación de servicio por limitación de memoria o consumo de recursos de CPU. Se encontró el problema durante un análisis de seguridad interno del producto. • https://kb.juniper.net/JSA10817 • CWE-400: Uncontrolled Resource Consumption •