CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-0048 – Junos OS: Memory exhaustion denial of service vulnerability in Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support.
https://notcve.org/view.php?id=CVE-2018-0048
A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue only affects devices with JET support running Junos OS 17.2R1 and subsequent releases. Other versions of Junos OS are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3; Una vulnerabilidad en el RPD (Routing Protocols Daemon) con soporte para Juniper Extension Toolkit (JET) puede permitir que un atacante no autenticado basado en web provoque una condición severa de agotamiento de memoria en el dispositivo. • http://www.securityfocus.com/bid/105564 http://www.securitytracker.com/id/1041849 https://kb.juniper.net/JSA10882 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.6EPSS: 0%CPEs: 27EXPL: 0CVE-2018-0057 – Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address)
https://notcve.org/view.php?id=CVE-2018-0057
On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3. En las plataformas MX Series y M120/M320 configuradas en un entorno Broadband Edge (BBE), los suscriptores que inician sesión con DHCP Option 50 para solicitar una dirección IP específica tendrán asignada la dirección IP que soliciten, incluso aunque haya un enlace de MAC estática a dirección IP en el perfil de acceso. • https://kb.juniper.net/JSA10892 •
CVSS: 6.5EPSS: 0%CPEs: 131EXPL: 0CVE-2018-0054 – QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames
https://notcve.org/view.php?id=CVE-2018-0054
On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600. En los switches QFX5000 Series y EX4600, una alta tasa de tramas de pausa Ethernet en una tormenta de paquetes ARP recibida en la interfaz de gestión (fxp0) puede provocar una congestión de la interfaz egress, lo que resulta en caídas del paquete del protocolo de enrutamiento, como BGP, lo que conduce a flaps de emparejamiento. • http://www.securitytracker.com/id/1041855 https://kb.juniper.net/JSA10888 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 459EXPL: 2CVE-2018-15504
https://notcve.org/view.php?id=CVE-2018-15504
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. El servidor maneja incorrectamente algunos campos request HTTP asociados con time, lo que resulta en una desreferencia de puntero NULL, tal y como queda demostrado con If-Modified-Since o If-Unmodified-Since con mes mayor a 11. • https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef https://github.com/embedthis/appweb/issues/605 https://github.com/embedthis/goahead/issues/264 https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 225EXPL: 2CVE-2018-15505
https://notcve.org/view.php?id=CVE-2018-15505
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address. Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. Una petición HTTP POST con un campo de cabecera "Host" especialmente manipulado puede causar una desreferencia de puntero NULL y, por lo tanto, una denegación de servicio, tal y como queda demostrado con la falta de un carácter posterior ']' en una dirección IPv6. • https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9 https://github.com/embedthis/appweb/issues/605 https://github.com/embedthis/goahead/issues/264 https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US • CWE-476: NULL Pointer Dereference •