CVSS: 5.3EPSS: 0%CPEs: 257EXPL: 0CVE-2023-28968 – Junos OS: SRX Series: Policies that rely on JDPI-Decoder actions may fail open
https://notcve.org/view.php?id=CVE-2023-28968
17 Apr 2023 — An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead begin to not ... • https://supportportal.juniper.net/JSA70592 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 6.5EPSS: 0%CPEs: 49EXPL: 0CVE-2023-28970 – Junos OS: JRR200: Kernel crash upon receipt of a specific packet
https://notcve.org/view.php?id=CVE-2023-28970
17 Apr 2023 — An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by an attacker on the local broadcast dom... • https://supportportal.juniper.net/JSA70594 • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 152EXPL: 0CVE-2023-28972 – Junos OS: NFX Series: 'set system ports console insecure' allows root password recovery
https://notcve.org/view.php?id=CVE-2023-28972
17 Apr 2023 — An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, cha... • https://supportportal.juniper.net/JSA70596 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.4EPSS: 0%CPEs: 122EXPL: 0CVE-2023-28974 – Junos OS: MX Series: In a BBE scenario upon receipt of specific malformed packets from subscribers the process bbe-smgd will crash
https://notcve.org/view.php?id=CVE-2023-28974
17 Apr 2023 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the bbe-smgd of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In a Broadband Edge / Subscriber Management scenario on MX Series when a specifically malformed ICMP packet addressed to the device is received from a subscriber the bbe-smgd will crash, affecting the subscriber sessions that are connecting, updating, or terminating. Continued receipt of such packets will lead to a... • https://supportportal.juniper.net/JSA70599 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 4.9EPSS: 0%CPEs: 114EXPL: 0CVE-2023-28975 – Junos OS: The kernel will crash when certain USB devices are inserted
https://notcve.org/view.php?id=CVE-2023-28975
17 Apr 2023 — An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). When certain USB devices are connected to a USB port of the routing-engine (RE), the kernel will crash leading to a reboot of the device. The device will continue to crash as long as the USB device is connected. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S10; 20.2 versions p... • https://supportportal.juniper.net/JSA70600 • CWE-394: Unexpected Status Code or Return Value CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 170EXPL: 0CVE-2023-28976 – Junos OS: MX Series: If a specific traffic rate goes above the DDoS threshold it will lead to an FPC crash
https://notcve.org/view.php?id=CVE-2023-28976
17 Apr 2023 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If specific traffic is received on MX Series and its rate exceeds the respective DDoS protection limit the ingress PFE will crash and restart. Continued receipt of this traffic will create a sustained DoS condition. This issue affects Juniper Networks Junos OS on MX Series: A... • https://supportportal.juniper.net/JSA70601 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 4.7EPSS: 0%CPEs: 118EXPL: 0CVE-2023-28979 – Junos OS: In a 6PE scenario upon receipt of a specific IPv6 packet an integrity check fails
https://notcve.org/view.php?id=CVE-2023-28979
17 Apr 2023 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop specific malformed IPv6 packets, and then these packets will be forwarded to other connected networks. This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prio... • https://supportportal.juniper.net/JSA70604 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 64EXPL: 0CVE-2023-22403 – Junos OS: QFX10K Series: An ICCP flap will be observed due to excessive specific traffic
https://notcve.org/view.php?id=CVE-2023-22403
12 Jan 2023 — An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device. This issue affects Juniper... • https://kb.juniper.net/JSA70199 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 150EXPL: 1CVE-2023-22415 – Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash when specific H.323 packets are received
https://notcve.org/view.php?id=CVE-2023-22415
12 Jan 2023 — An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series and SRX S... • https://kb.juniper.net/JSA70211 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 94EXPL: 0CVE-2023-22416 – Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if SIP ALG is enabled and a malformed SIP packet is received
https://notcve.org/view.php?id=CVE-2023-22416
12 Jan 2023 — A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow processing daemon (flowd) will crash and restart. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions pr... • https://kb.juniper.net/JSA70212 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •