CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 0CVE-2021-0202 – Junos OS: MX Series, EX9200 Series: Trio-based MPC memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain
https://notcve.org/view.php?id=CVE-2021-0202
15 Jan 2021 — On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak in the MPC which can cause an out of memory and MPC restarts. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command... • https://kb.juniper.net/JSA11092 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 243EXPL: 0CVE-2020-1680 – Junos OS: MX Series: MS-MPC/MIC might crash when processing malformed IPv6 packet in NAT64 configuration.
https://notcve.org/view.php?id=CVE-2020-1680
16 Oct 2020 — On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. An unauthenticated attacker can continuously send crafted IPv6 packets through the device causing repetitive MS-PIC process crashes, resulting in an extended Denial of Service condition. This issue affects Juniper Networks Junos OS... • https://kb.juniper.net/JSA11077 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.3EPSS: 0%CPEs: 103EXPL: 0CVE-2020-1665 – Junos OS: MX series/EX9200 Series: IPv6 DDoS protection does not work as expected.
https://notcve.org/view.php?id=CVE-2020-1665
16 Oct 2020 — On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/o... • https://kb.juniper.net/JSA11062 • CWE-794: Incomplete Filtering of Multiple Instances of Special Elements •
CVSS: 5.3EPSS: 0%CPEs: 138EXPL: 0CVE-2020-1655 – Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation
https://notcve.org/view.php?id=CVE-2020-1655
17 Jul 2020 — When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation, generating the following error messages: [LOG: Err] MQSS(0): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[0:0]: HMCIF Rx: Injected checksum error detected on WO ... • https://kb.juniper.net/JSA11041 •
CVSS: 6.5EPSS: 0%CPEs: 54EXPL: 0CVE-2020-1651 – Junos OS: MX Series: PFE on the line card may crash due to memory leak.
https://notcve.org/view.php?id=CVE-2020-1651
17 Jul 2020 — On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS on MX Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 ver... • https://kb.juniper.net/JSA11038 • CWE-19: Data Processing Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2020-1650 – Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC
https://notcve.org/view.php?id=CVE-2020-1650
17 Jul 2020 — On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a prolonged Denial of Service. This issue affects MX Series devices using MS-PIC, MS-MIC or MS-MPC service cards with any service configured. This issue affects Juniper Networks Junos OS on MX Series: 17.2R2-S7; 17.3R3-S4, 17.3R3-S5; 17... • https://kb.juniper.net/JSA11037 •
CVSS: 7.5EPSS: 0%CPEs: 133EXPL: 0CVE-2020-1649 – Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly
https://notcve.org/view.php?id=CVE-2020-1649
17 Jul 2020 — When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly, generating the following error messages: [LOG: Err] MQSS(2): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[2:0]: HMCIF Rx: Injected checksum error detected on WO r... • https://kb.juniper.net/JSA11036 •
CVSS: 7.4EPSS: 0%CPEs: 90EXPL: 0CVE-2020-1633 – Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service
https://notcve.org/view.php?id=CVE-2020-1633
09 Apr 2020 — Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. This issue only affects Junos OS 17.4 and later releases. Prior releases do not support this feature and are unaffected by this vulnerability. This issue only affects ... • https://kb.juniper.net/JSA11012 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 82EXPL: 0CVE-2020-1608 – Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service
https://notcve.org/view.php?id=CVE-2020-1608
15 Jan 2020 — Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms. This issue affects MX Series running Juniper Networks Junos OS: 17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3; 17.3 versions starting from... • https://kb.juniper.net/JSA10987 •
CVSS: 7.5EPSS: 0%CPEs: 259EXPL: 0CVE-2019-0065 – Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC
https://notcve.org/view.php?id=CVE-2019-0065
09 Oct 2019 — On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending a crafted SIP packet, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on MX Series: 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S6 ; ... • https://kb.juniper.net/JSA10964 •