CVSS: 5.9EPSS: 0%CPEs: 181EXPL: 0CVE-2018-0031 – Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules
https://notcve.org/view.php?id=CVE-2018-0031
Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. • http://www.securitytracker.com/id/1041326 https://kb.juniper.net/JSA10865 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2018-0035 – Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images
https://notcve.org/view.php?id=CVE-2018-0035
QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. • http://www.securitytracker.com/id/1041336 https://kb.juniper.net/JSA10869 •
CVSS: 6.5EPSS: 0%CPEs: 141EXPL: 0CVE-2018-0029 – Junos OS: Kernel crash (vmcore) during broadcast storm after enabling 'monitor traffic interface fxp0'
https://notcve.org/view.php?id=CVE-2018-0029
While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2. Al experimentar una "tormenta de transmisiones" (broadcast storm), la colocación de la interfaz fxp0 en modo promiscuo mediante la "interfaz fxp0 de tráfico de monitorización" puede provocar que el sistema se cierre inesperadamente y se reinicie (vmcore). • http://www.securitytracker.com/id/1041319 https://kb.juniper.net/JSA10863 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2018-0037 – Junos OS: RPD daemon crashes due to receipt of crafted BGP NOTIFICATION messages
https://notcve.org/view.php?id=CVE-2018-0037
Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Due to design improvements, this issue does not affect Junos OS 16.1R1, and all subsequent releases. This issue only affects the receiving BGP device and is non-transitive in nature. Affected releases are Juniper Networks Junos OS: 15.1F5 versions starting from 15.1F5-S7 and all subsequent releases; 15.1F6 versions starting from 15.1F6-S3 and later releases prior to 15.1F6-S10; 15.1F7 versions 15.1 versions starting from 15.1R5 and later releases, including the Service Releases based on 15.1R5 and on 15.1R6 prior to 15.1R6-S6 and 15.1R7; El proceso RPD (Routing Protocol Daemon) de Junos OS podría cerrarse inesperadamente y reiniciarse o podría conducir a la ejecución remota de código mientras procesa mensajes BGP NOTIFICATION determinados. • http://www.securitytracker.com/id/1041339 https://kb.juniper.net/JSA10871 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 82EXPL: 0CVE-2018-0025 – Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication
https://notcve.org/view.php?id=CVE-2018-0025
When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series. Cuando un dispositivo SRX Series está configurado para emplear los servicios de autenticación pass-through HTTP/HTTPS, un cliente que envía credenciales de autenticación en la sesión inicial HTTP/HTTPS está en riesgo de que estas credenciales puedan ser capturadas durante peticiones HTTP/HTTPS follow-on por parte de un actor malicioso mediante un ataque Man-in-the-Middle (MitM) o por medio de servidores auténticos subvertidos por actores maliciosos. Los servicios de autenticación pass-through FTP y Telnet no se han visto afectados. • http://www.securityfocus.com/bid/104719 http://www.securitytracker.com/id/1041316 https://kb.juniper.net/JSA10858 https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html • CWE-300: Channel Accessible by Non-Endpoint CWE-319: Cleartext Transmission of Sensitive Information •