CVSS: 9.8EPSS: 6%CPEs: 23EXPL: 0CVE-2019-0008 – QFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process
https://notcve.org/view.php?id=CVE-2019-0008
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2. Una cierta secuencia de paquetes BGP o IPv6 BFD válidos puede desencadenar un desbordamiento de búfer basado en pila en Junos OS Packet Forwarding Engine manager (FXPC), en dispositivos de las series QFX5000, EX4300, EX4600. Este problema puede resultar en un fallo del demonio fxpc o puede llevar a la ejecución remota del código. • http://www.securityfocus.com/bid/107897 https://kb.juniper.net/JSA10930 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 75EXPL: 0CVE-2019-0001 – Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd).
https://notcve.org/view.php?id=CVE-2019-0001
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. La recepción de un paquete mal formado en dispositivos MX Series con una configuración vlan dinámica puede desencadenar un bucle de recursión no controlado en el demonio de gestión de suscriptores Broadband Edge (bbe-smgd) y conducir a un alto uso de CPU y el cierre inesperado del servicio bbe-smgd. La recepción repetida del mismo paquete puede resultar en una condición de denegación de servicio (DoS) extendida para los dispositivos. • http://www.securityfocus.com/bid/106541 https://kb.juniper.net/JSA10900 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE • CWE-674: Uncontrolled Recursion •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2019-0007 – Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability
https://notcve.org/view.php?id=CVE-2019-0007
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series. El software de la serie vMX emplea un número de secuencia IP ID predecible. • http://www.securityfocus.com/bid/106564 https://kb.juniper.net/JSA10903 • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2019-0009 – Junos OS: EX2300 and EX3400: High disk I/O operations may disrupt the communication between RE and PFE
https://notcve.org/view.php?id=CVE-2019-0009
On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC members. This issue does not affect other Junos platforms. Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R2-S2, 18.1R3; 18.2 versions prior to 18.2R2. En las series EX2300 y EX3400, las operaciones high disk I/O podrían interrumpir las comunicaciones entre el motor de enrutamiento (RE) y el motor de reenvío de paquetes (PFE). • http://www.securityfocus.com/bid/106548 https://kb.juniper.net/JSA10909 •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2019-0002 – Junos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect
https://notcve.org/view.php?id=CVE-2019-0002
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter. En las series EX2300 y EX3400, la configuración sin estado del filtro del firewall que emplea la acción "policer" junto con otras acciones podría no aplicarse. Cuando este problema ocurre, el resultado del comando show pfe filter hw summary no mostrará la entrada para: RACL group. • http://www.securityfocus.com/bid/106669 https://kb.juniper.net/JSA10901 https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html • CWE-794: Incomplete Filtering of Multiple Instances of Special Elements •