CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2018-0035 – Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images
https://notcve.org/view.php?id=CVE-2018-0035
QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. • http://www.securitytracker.com/id/1041336 https://kb.juniper.net/JSA10869 •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2018-0037 – Junos OS: RPD daemon crashes due to receipt of crafted BGP NOTIFICATION messages
https://notcve.org/view.php?id=CVE-2018-0037
Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Due to design improvements, this issue does not affect Junos OS 16.1R1, and all subsequent releases. This issue only affects the receiving BGP device and is non-transitive in nature. Affected releases are Juniper Networks Junos OS: 15.1F5 versions starting from 15.1F5-S7 and all subsequent releases; 15.1F6 versions starting from 15.1F6-S3 and later releases prior to 15.1F6-S10; 15.1F7 versions 15.1 versions starting from 15.1R5 and later releases, including the Service Releases based on 15.1R5 and on 15.1R6 prior to 15.1R6-S6 and 15.1R7; El proceso RPD (Routing Protocol Daemon) de Junos OS podría cerrarse inesperadamente y reiniciarse o podría conducir a la ejecución remota de código mientras procesa mensajes BGP NOTIFICATION determinados. • http://www.securitytracker.com/id/1041339 https://kb.juniper.net/JSA10871 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2018-0030 – Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) and PTX1K: Line card may crash upon receipt of specific MPLS packet.
https://notcve.org/view.php?id=CVE-2018-0030
Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K: 15.1F versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D46; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90; 17.3 versions prior to 17.3R1-S4, 17.3R2, 17.4 versions prior to 17.4R1-S2, 17.4R2. Refer to KB25385 for more information about PFE line cards. La recepción de un paquete MPLS específico podría provocar que las tarjetas de línea MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) o PTX1K se cierre inesperadamente y se reinicie. • http://www.securitytracker.com/id/1041325 https://kb.juniper.net/JSA10864 https://kb.juniper.net/KB25385 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0026 – Junos OS: Stateless IP firewall filter rules stop working as expected after reboot or upgrade
https://notcve.org/view.php?id=CVE-2018-0026
After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0> show interfaces <interface_name> extensive | match filters" CAM destination filters: 0, CAM source filters: 0 Note: when the issue occurs, it does not show the applied firewall filter. The correct output should show the applied firewall filter, for example: user@re0> show interfaces <interface_name> extensive | match filters" CAM destination filters: 0, CAM source filters: 0 Input Filters: FIREWAL_FILTER_NAME-<interface_name> This issue affects firewall filters for every address family. Affected releases are Juniper Networks Junos OS: 15.1R4, 15.1R5, 15.1R6 and SRs based on these MRs. 15.1X8 versions prior to 15.1X8.3. Tras un reinicio o actualización del dispositivo Junos OS, la configuración del filtro del firewall sin estado podría no surtir efecto. • http://www.securityfocus.com/bid/104720 http://www.securitytracker.com/id/1041315 https://kb.juniper.net/JSA10859 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0027 – Junos OS: Receipt of malformed RSVP packet may lead to RPD denial of service
https://notcve.org/view.php?id=CVE-2018-0027
Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1. • http://www.securityfocus.com/bid/104721 http://www.securitytracker.com/id/1041318 https://kb.juniper.net/JSA10861 • CWE-20: Improper Input Validation •