CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-21590 – Junos OS Evolved: Packets which are not destined to the device can reach the RE
https://notcve.org/view.php?id=CVE-2024-21590
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO. Una vulnerabilidad de validación de entrada incorrecta en Juniper Tunnel Driver (jtd) y el módulo ICMP de Juniper Networks Junos OS Evolved permite a un atacante no autenticado dentro del dominio administrativo MPLS enviar paquetes específicamente manipulados al motor de enrutamiento (RE) para provocar una denegación de servicio (DoS). ). Cuando el motor de reenvío de paquetes (PFE) recibe paquetes MPLS IPv4 de tránsito específicamente manipulados, estos paquetes se reenvían internamente al RE. La recepción continua de estos paquetes puede crear una condición sostenida de Denegación de Servicio (DoS). • https://supportportal.juniper.net/JSA75728 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 76EXPL: 0CVE-2024-21613 – Junos OS and Junos OS Evolved: A link flap causes patroot memory leak which leads to rpd crash
https://notcve.org/view.php?id=CVE-2024-21613
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart. The memory usage can be monitored using the below command. user@host> show task memory detail | match patroot This issue affects: Juniper Networks Junos OS * All versions earlier than 21.2R3-S3; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-EVO; * 22.1 versions earlier than 22.1R3-EVO; * 22.2 versions earlier than 22.2R3-EVO. Una vulnerabilidad de liberación de memoria faltante después de la vida útil efectiva en Routing Protocol Daemon (RPD) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque un bloqueo de rpd, lo que lleva a una denegación de servicio (DoS). En todas las plataformas Junos OS y Junos OS Evolved, cuando la ingeniería de tráfico está habilitada para OSPF o ISIS y un enlace falla, se observa una pérdida de memoria de patroot. Esta pérdida de memoria, con el tiempo, provocará un bloqueo y reinicio del rpd. • https://supportportal.juniper.net/JSA75754 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2024-21612 – Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE
https://notcve.org/view.php?id=CVE-2024-21612
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO ; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO ; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO. Una vulnerabilidad de manejo inadecuado de una estructura sintácticamente no válida en el servicio Object Flooding Protocol (OFP) de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegación de servicio (DoS). En todas las plataformas Junos OS Evolved, cuando se reciben paquetes TCP específicos en un puerto OFP abierto, el OFP falla y se reinicia el Routine Engine (RE). La recepción continua de estos paquetes TCP específicos dará lugar a una condición sostenida de Denegación de Servicio (DoS). • https://supportportal.juniper.net/JSA75753 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2024-21604 – Junos OS Evolved: A high rate of specific traffic will cause a complete system outage
https://notcve.org/view.php?id=CVE-2024-21604
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring. The following log messages can be seen when this issue occurs: <host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet This issue affects Juniper Networks Junos OS Evolved: * All versions earlier than 20.4R3-S7-EVO; * 21.2R1-EVO and later versions; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S2-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO; * 22.4-EVO versions earlier than 22.4R2-EVO. Una vulnerabilidad de asignación de recursos sin límites ni limitación en el kernel de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegación de servicio (DoS). Si el motor de enrutamiento (RE) procesa una alta tasa de paquetes válidos específicos, esto provocará una pérdida de conectividad del RE con otros componentes del chasis y, por lo tanto, una interrupción completa y persistente del sistema. Tenga en cuenta que un filtro de firewall lo0 cuidadosamente diseñado bloqueará o limitará estos paquetes, lo que debería evitar que ocurra este problema. • https://supportportal.juniper.net/JSA75745 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 152EXPL: 0CVE-2024-21596 – Junos OS and Junos OS Evolved: A specific BGP UPDATE message will cause a crash in the backup Routing Engine in NSR-enabled devices
https://notcve.org/view.php?id=CVE-2024-21596
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is not impacted by this issue and there is no impact on traffic. This issue only affects devices with NSR enabled. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO. Una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria en el Routing Protocol Daemon (RPD) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque una denegación de servicio (DoS). Si un atacante envía un mensaje de ACTUALIZACIÓN de BGP específico al dispositivo, esto provocará una sobrescritura de la memoria y, por lo tanto, un bloqueo del RPD y un reinicio en el Routing Engine (RE) de respaldo. • https://supportportal.juniper.net/JSA75735 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •