CVSS: 7.8EPSS: 0%CPEs: 193EXPL: 2CVE-2019-0053 – Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2019-0053
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. • https://github.com/dreamsmasher/inetutils-CVE-2019-0053-Patched-PKGBUILD http://packetstormsecurity.com/files/153746/FreeBSD-Security-Advisory-FreeBSD-SA-19-12.telnet.html https://kb.juniper.net/JSA10947 https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html https://seclists.org/bugtraq/2019/Jul/45 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc https://www.exploit-db.com/exploits/45982 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 146EXPL: 0CVE-2019-0052 – SRX Series: srxpfe process crash while JSF/UTM module parses specific HTTP packets
https://notcve.org/view.php?id=CVE-2019-0052
The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled. Affected releases are Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 17.3 versions on SRX Series; 17.4 versions prior to 17.4R1-S8, 17.4R2-S5, 17.4R3 on SRX Series; 18.1 versions prior to 18.1R3-S6 on SRX Series; 18.2 versions prior to 18.2R2-S1, 18.2R3 on SRX Series; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on SRX Series. El proceso srxpfe puede bloquearse en los gateways de servicios de la serie SRX cuando el módulo UTM procesa un paquete HTTP fragmentado específico. • http://www.securityfocus.com/bid/109145 https://kb.juniper.net/JSA10946 • CWE-404: Improper Resource Shutdown or Release CWE-436: Interpretation Conflict •
CVSS: 7.5EPSS: 0%CPEs: 72EXPL: 0CVE-2019-0049 – Junos OS: RPD process crashes when BGP peer restarts
https://notcve.org/view.php?id=CVE-2019-0049
On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. Repeated crashes of the RPD process can cause prolonged Denial of Service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S3; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.2X75 versions prior to 17.2X75-D105; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S7, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30; 18.3 versions prior to 18.3R1-S4, 18.3R2. • https://kb.juniper.net/JSA10943 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.8EPSS: 0%CPEs: 220EXPL: 0CVE-2019-0048 – EX4300 Series: When a firewall filter is applied to a loopback interface, other firewall filters for multicast traffic may fail
https://notcve.org/view.php?id=CVE-2019-0048
On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic. The command 'show firewall filter' can be used to confirm whether the filter is working. This issue only affects the EX4300 switch. • https://kb.juniper.net/JSA10942 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 60EXPL: 0CVE-2019-0046 – Junos OS: EX4300 Series: Denial of Service upon receipt of large number of specific valid packets on management interface.
https://notcve.org/view.php?id=CVE-2019-0046
A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. A reboot of the device is required to restore service. Continued receipt of these valid broadcast packets will create a sustained Denial of Service (DoS) against the device. Affected releases are Juniper Networks Junos OS: 16.1 versions above and including 16.1R1 prior to 16.1R7-S5; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. Una vulnerabilidad en el demonio pfe-chassisd Chassis Manager (CMLC) en Junos OS de Juniper Networks, permite a un atacante causar una denegación de servicio (DoS) en el dispositivo EX4300 cuando paquetes de difusión válidos específicos crean una condición de tormenta de difusión cuando se recibieron en la interfaz me0 del dispositivo de la serie EX4300. • http://www.securityfocus.com/bid/109272 https://kb.juniper.net/JSA10938 • CWE-400: Uncontrolled Resource Consumption •