CVE-2019-0057 – NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system.
https://notcve.org/view.php?id=CVE-2019-0057
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5. Una debilidad de autorización inapropiada en Juniper Networks Junos OS, permite a un atacante autenticado local omitir los controles de seguridad regulares para acceder a la aplicación Junos Device Manager (JDM) y tomar el control del sistema. Este problema afecta a: Juniper Networks Junos OS versiones anteriores a 18.2R1, 18.2X75-D5. • https://kb.juniper.net/JSA10955 •
CVE-2019-0056 – Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device.
https://notcve.org/view.php?id=CVE-2019-0056
This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE's on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. • https://kb.juniper.net/JSA10954 • CWE-410: Insufficient Resource Pool •
CVE-2019-0055 – Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled.
https://notcve.org/view.php?id=CVE-2019-0055
A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series. Una vulnerabilidad en el servicio de procesamiento de paquetes ALG SIP de Juniper Networks Junos OS, permite a un atacante causar una Denegación de servicio (DoS) al dispositivo mediante el envío de tipos específicos de tráfico SIP válido hacia el dispositivo. • https://kb.juniper.net/JSA10953 https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVE-2019-0051 – SRX5000 Series: Denial of Service vulnerability in SSL-Proxy feature.
https://notcve.org/view.php?id=CVE-2019-0051
SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2. La funcionalidad proxy SSL en dispositivos SRX no puede manejar una limitación de recursos de hardware que puede ser explotada por servidores SSL/TLS remotos para bloquear el demonio flowd. • https://kb.juniper.net/JSA10973 • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2019-0050 – Junos OS: SRX1500: Denial of service due to crash of srxpfe process under heavy traffic conditions.
https://notcve.org/view.php?id=CVE-2019-0050
Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Repeated crashes of the srxpfe can result in an extended denial of service condition. The SRX device may fail to forward traffic when this condition occurs. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D170 on SRX1500; 17.3 versions prior to 17.3R3-S7 on SRX1500; 17.4 versions prior to 17.4R2-S8, 17.4R3 on SRX1500; 18.1 versions prior to 18.1R3-S8 on SRX1500; 18.2 versions prior to 18.2R3 on SRX1500; 18.3 versions prior to 18.3R2 on SRX1500; 18.4 versions prior to 18.4R2 on SRX1500. Bajo determinadas condiciones de tráfico pesado, el proceso srxpfe puede bloquearse y provocar una denegación de servicio para el dispositivo SRX1500. • https://kb.juniper.net/JSA10972 •