CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39565 – Junos OS: J-Web: An unauthenticated, network-based attacker can perform XPATH injection attack against a device.
https://notcve.org/view.php?id=CVE-2024-39565
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2. Una vulnerabilidad de neutralización inadecuada de datos dentro de expresiones XPath ('inyección XPath') en J-Web incluido con Juniper Networks Junos OS permite que un atacante basado en red no autenticado ejecute comandos remotos en el dispositivo objetivo. Mientras un administrador inicia sesión en una sesión de J-Web o ha iniciado sesión previamente y posteriormente ha cerrado sesión en su sesión de J-Web, el atacante puede ejecutar comandos arbitrariamente en el dispositivo de destino con las credenciales del otro usuario. En el peor de los casos, el atacante tendrá control total sobre el dispositivo. • https://support.juniper.net/support/downloads/?p=283 https://supportportal.juniper.net/JSA83023 https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber • CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection') •
CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 0CVE-2024-39561 – Junos OS: SRX4600, SRX5000 Series: TCP packets with SYN/FIN or SYN/RST are transferred after enabling no-syn-check with Express Path
https://notcve.org/view.php?id=CVE-2024-39561
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an attacker to send TCP packets with SYN/FIN or SYN/RST flags, bypassing the expected blocking of these packets. A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path are enabled, these TCP packets are unexpectedly transferred to the downstream network. This issue affects Junos OS on SRX4600 and SRX5000 Series: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2. Una vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales en el demonio de flujo (flowd) de Juniper Networks Junos OS en las series SRX4600 y SRX5000 permite a un atacante enviar paquetes TCP con indicadores SYN/FIN o SYN/RST, evitando el bloqueo esperado de estos paquetes. . Un paquete TCP con SYN/FIN o SYN/RST debe descartarse en flowd. Sin embargo, cuando no-syn-check y Express Path están habilitados, estos paquetes TCP se transfieren inesperadamente a la red descendente. • https://supportportal.juniper.net/JSA83021 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2024-39560 – Junos OS and Junos OS Evolved: Memory leak due to RSVP neighbor persistent error leading to kernel crash
https://notcve.org/view.php?id=CVE-2024-39560
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS). The kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected. System kernel memory can be monitored through the use of the 'show system statistics kernel memory' command as shown below: user@router> show system statistics kernel memory Memory Size (kB) Percentage When Active 753092 18.4% Now Inactive 574300 14.0% Now Wired 443236 10.8% Now Cached 1911204 46.6% Now Buf 32768 0.8% Now Free 385072 9.4% Now Kernel Memory Now Data 312908 7.6% Now Text 2560 0.1% Now ... This issue affects: Junos OS: * All versions before 20.4R3-S9, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved: * All versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el daemon del protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un vecino RSVP descendente lógicamente adyacente provoque el agotamiento de la memoria del kernel, lo que provoca un fallo del kernel, lo que resulta en una denegación de servicio ( DoS). La pérdida de memoria del kernel y su eventual fallo se verán cuando el vecino RSVP descendente tenga un error persistente que no se corregirá. La memoria del kernel del sistema se puede monitorear mediante el uso del comando 'mostrar la memoria del kernel de estadísticas del sistema' como se muestra a continuación: usuario@router> mostrar la memoria del kernel de estadísticas del sistema Tamaño de la memoria (kB) Porcentaje cuando está activo 753092 18,4 % ahora inactivo 574300 14,0 % ahora cableado 443236 10,8% Ahora en caché 1911204 46,6% Ahora Buf 32768 0,8% Ahora gratis 385072 9,4% Ahora Memoria del kernel Ahora Datos 312908 7,6% Ahora Texto 2560 0,1% Ahora... Este problema afecta a: Junos OS: * Todas las versiones anteriores a 20.4R3-S9 , * desde 21.4 antes de 21.4R3-S5, * desde 22.1 antes de 22.1R3-S5, * desde 22.2 antes de 22.2R3-S3, * desde 22.3 antes de 22.3R3-S2, * desde 22.4 antes de 22.4R3, * desde 23.2 antes de 23.2R2 ; Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S5-EVO, * desde 22.1-EVO antes de 22.1R3-S5-EVO, * desde 22.2-EVO antes de 22.2R3-S3-EVO, * desde 22.3-EVO antes de 22.3R3- S2-EVO, * de 22.4-EVO antes de 22.4R3-EVO, * de 23.2-EVO antes de 23.2R2-EVO. • https://supportportal.juniper.net/JSA83020 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2024-39558 – Junos OS and Junos OS Evolved: Receipt of specific PIM packet causes rpd crash when PIM is configured along with MoFRR
https://notcve.org/view.php?id=CVE-2024-39558
An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition. This issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash. This issue affects: Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3, * from 22.4 before 22.4R2; Junos OS Evolved: * All versions before 20.4R3-S10 -EVO, * from 21.2-EVO before 21.2R3-S7 -EVO, * from 21.4-EVO before 21.4R3-S6 -EVO, * from 22.1-EVO before 22.1R3-S5 -EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-EVO, * from 22.4-EVO before 22.4R2-EVO. Una vulnerabilidad de valor de retorno no verificado en el daemon de protocolo de enrutamiento (rpd) en Juniper Networks Junos OS y Juniper Networks Junos OS Evolved permite que un atacante lógicamente adyacente y no autenticado envíe un paquete PIM específico para provocar que rpd se bloquee y se reinicie, lo que resulta en una denegación de servicio. (DoS), cuando PIM está configurado con Fast Reroute de solo multidifusión (MoFRR). • https://supportportal.juniper.net/JSA83018 • CWE-252: Unchecked Return Value •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2024-39556 – Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow
https://notcve.org/view.php?id=CVE-2024-39556
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution. By exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow. This issue affects: Junos OS: * All versions before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2; Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S2-EVO, * from 23.2-EVO before 23.2R2-EVO, * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO. Una vulnerabilidad de desbordamiento de búfer basado en pila en Juniper Networks Junos OS y Juniper Networks Junos OS Evolved puede permitir que un atacante local con pocos privilegios y acceso a la CLI tenga la capacidad de cargar un archivo de certificado malicioso, lo que lleva a una denegación de servicio (DoS) limitada. ) o ejecución de código privilegiado. Al explotar el comando 'set security certificates' con un archivo de certificado manipulado, un atacante malintencionado con acceso a la CLI podría provocar un fallo del daemon de administración de comandos (mgd), limitado al intérprete de comandos del usuario local, o potencialmente desencadenar un desbordamiento de búfer en la región stack de la memoria. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.4R3-S7, * desde 22.1 anterior a 22.1R3-S6, * desde 22.2 anterior a 22.2R3-S4, * desde 22.3 anterior a 22.3R3-S3, * desde 22.4 anterior a 22.4R3- S2, * de 23.2 antes de 23.2R2, * de 23.4 antes de 23.4R1-S1, 23.4R2; Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S7-EVO, * desde 22.1-EVO antes de 22.1R3-S6-EVO, * desde 22.2-EVO antes de 22.2R3-S4-EVO, * desde 22.3-EVO antes de 22.3R3- S3-EVO, * desde 22.4-EVO antes de 22.4R3-S2-EVO, * desde 23.2-EVO antes de 23.2R2-EVO, * desde 23.4-EVO antes de 23.4R1-S1-EVO, 23.4R2-EVO. • https://supportportal.juniper.net/JSA83016 • CWE-121: Stack-based Buffer Overflow •