CVSS: 7.5EPSS: 0%CPEs: 124EXPL: 0CVE-2020-1639 – Junos OS: A crafted Ethernet OAM packet received by Junos may cause the Ethernet OAM connectivity fault management process (CFM) to core.
https://notcve.org/view.php?id=CVE-2020-1639
When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67. Cuando un atacante envía un paquete diseñado específico de Ethernet Operation, Administration, and Maintenance (Ethernet OAM) hacia un dispositivo objetivo, puede manejar inapropiadamente los datos malformados entrantes y presentar un fallo al sanear estos datos entrantes, resultando en una condición de desbordamiento. • https://kb.juniper.net • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-1638 – Junos OS & Junos OS Evolved: A specific IPv4 packet can lead to FPC restart.
https://notcve.org/view.php?id=CVE-2020-1638
The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will be dropped. By continuously sending this specific IPv4 packet, an attacker can repeatedly crash the FPC, causing an extended Denial of Service (DoS) condition. This issue can only occur when processing a specific IPv4 packet. • https://kb.juniper.net/JSA11019 • CWE-467: Use of sizeof() on a Pointer Type •
CVSS: 7.2EPSS: 0%CPEs: 142EXPL: 0CVE-2020-1637 – Junos OS: SRX Series: Unified Access Control (UAC) bypass vulnerability
https://notcve.org/view.php?id=CVE-2020-1637
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D100; 15.1X49 versions prior to 15.1X49-D210; 17.3 versions prior to 17.3R2-S5, 17.3R3-S8; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2-S1, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. • https://kb.juniper.net/JSA11018 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.5EPSS: 0%CPEs: 288EXPL: 0CVE-2020-1630 – Junos OS: Privilege escalation vulnerability in dual REs, VC or HA cluster may allow unauthorized configuration change.
https://notcve.org/view.php?id=CVE-2020-1630
A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This issue does not affect Junos OS device with single RE or stand-alone configuration. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S14; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R4-S13, 16.1R7-S6; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3-S1; 18.2 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D420, 18.2X75-D60, 18.2X75-D411; 18.3 versions prior to 18.3R1-S5, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S4, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2. Una vulnerabilidad de escalada de privilegios en dispositivos Juniper Networks Junos OS configurados con Routing Engines (RE) duales (RE), Virtual Chassis (VC) o clúster de alta disponibilidad puede permitir que un usuario autenticado local poco privilegiado y acceso al shell lleve a cabo modificaciones de la configuración no autorizadas. Este problema no afecta al dispositivo con Junos OS con una única configuración de RE o independiente. • https://kb.juniper.net/JSA11010 • CWE-264: Permissions, Privileges, and Access Controls CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.9EPSS: 0%CPEs: 147EXPL: 0CVE-2020-1629 – Junos OS: A race condition vulnerability may cause RPD daemon to crash when processing a BGP NOTIFICATION message.
https://notcve.org/view.php?id=CVE-2020-1629
A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.2 version 17.2R2 and later versions; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D410, 18.2X75-D420, 18.2X75-D50, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S2, 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to version 16.1R1. Una vulnerabilidad de condición de carrera en los dispositivos Juniper Network Junos OS puede causar que el proceso de routing protocol daemon (RPD) se bloquee y reinicie mientras procesa un mensaje BGP NOTIFICATION. Este problema afecta a Juniper Networks Junos OS: versiones 16.1 anteriores a 16.1R7-S6; versiones 16.2 anteriores a 16.2R2-S11; versiones 17.1 anteriores a 17.1R2-S11, 17.1R3-S1; versiones 17.2 anteriores a 17.2R1-S9, 17.2R3-S3; versiones 17.2 hasta 17.2R2 y versiones posteriores; versiones 17.2X75 anteriores a 17.2X75-D105, 17.2X75-D110; versiones 17.3 anteriores a 17.3R2-S5, 17.3R3-S6; versiones 17.4 anteriores a 17.4R2-S7, 17.4R3; versiones 18.1 anteriores a 18.1R3-S8; versiones 18.2 anteriores a 18.2R3-S3; versiones 18.2X75 anteriores a 18.2X75-D410, 18.2X75-D420, 18.2X75-D50, 18.2X75-D60; versiones 18.3 anteriores a 18.3R1-S5, 18.3R2-S2, 18.3R3; versiones 18.4 anteriores a 18.4R2-S2, 18.4R3; versiones 19.1 anteriores a 19.1R1-S2, 19.1R2; versiones 19.2 anteriores a 19.2R1-S4, 19.2R2. • https://kb.juniper.net/JSA11009 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •