CVSS: 7.4EPSS: 0%CPEs: 268EXPL: 0CVE-2021-0244 – Junos OS: A race condition in the storm control profile may allow an attacker to cause a Denial of Service condition
https://notcve.org/view.php?id=CVE-2021-0244
22 Apr 2021 — A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices. This issue is a corner case and only occurs during specific actions taken by an administrator of a device under certain specifics actions which triggers the event. The event occurs less frequently on devices which are not configured with Vir... • https://kb.juniper.net/JSA11137 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 38EXPL: 0CVE-2021-0231 – Junos OS: SRX, vSRX Series: J-Web Path traversal vulnerability in SRX and vSRX Series leads to information disclosure.
https://notcve.org/view.php?id=CVE-2021-0231
22 Apr 2021 — A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2; This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1. Una vulnerabilidad de Salto de Ruta en las serie... • https://kb.juniper.net/JSA11126 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 208EXPL: 0CVE-2021-0230 – Junos OS: SRX Series: Memory leak when querying Aggregated Ethernet (AE) interface statistics
https://notcve.org/view.php?id=CVE-2021-0230
22 Apr 2021 — On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The following log can be seen if this issue happens. /kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72 /kernel: rt_pfe_veto: free km... • https://kb.juniper.net/JSA11125 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 1%CPEs: 149EXPL: 0CVE-2021-0227 – Junos OS: SRX Series: Denial of Service in J-Web upon receipt of crafted HTTP packets
https://notcve.org/view.php?id=CVE-2021-0227
22 Apr 2021 — An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Juno... • https://kb.juniper.net/JSA11122 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 336EXPL: 0CVE-2021-0211 – Junos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted.
https://notcve.org/view.php?id=CVE-2021-0211
15 Jan 2021 — An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition. Continued receipt of these update messages will cause a sustained Denial of Service condition. This issue affects Juniper Network... • https://kb.juniper.net/JSA11101 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 185EXPL: 0CVE-2021-0208 – Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet.
https://notcve.org/view.php?id=CVE-2021-0208
15 Jan 2021 — An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the Denial of Service. This issue affects: Juniper Networks Junos OS: All versions prior to 17.3R3-S10 except 15.1X49-D240 for SRX series; 17.4 versions prior to ... • https://kb.juniper.net/JSA11098 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 0CVE-2021-0206 – Junos OS: NFX Series, SRX Series: PFE may crash upon receipt of specific packet when SSL Proxy is configured.
https://notcve.org/view.php?id=CVE-2021-0206
15 Jan 2021 — A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue only affects Juniper Networks NFX Series, SRX Series platforms when SSL Proxy is configured. This issue affects Juniper Networks Junos OS on NFX ... • https://kb.juniper.net/JSA11096 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 187EXPL: 0CVE-2020-1688 – Junos OS: SRX and NFX Series: Insufficient Web API private key protection
https://notcve.org/view.php?id=CVE-2020-1688
16 Oct 2020 — On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obta... • https://kb.juniper.net/InfoCenter/index?page=content&id=KB30911 • CWE-320: Key Management Errors CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 237EXPL: 0CVE-2020-1661 – Junos OS: jdhcpd process crash when forwarding a malformed DHCP packet.
https://notcve.org/view.php?id=CVE-2020-1661
16 Oct 2020 — On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash ... • https://kb.juniper.net/JSA11056 •
CVSS: 8.6EPSS: 0%CPEs: 344EXPL: 0CVE-2020-1613 – Junos OS: BGP session termination upon receipt of specific BGP FlowSpec advertisement.
https://notcve.org/view.php?id=CVE-2020-1613
08 Apr 2020 — A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device tha... • https://kb.juniper.net/JSA10996 • CWE-710: Improper Adherence to Coding Standards •