CVSS: 7.8EPSS: 0%CPEs: 66EXPL: 0CVE-2023-28982 – Junos OS and Junos OS Evolved: In a BGP rib sharding scenario when a route is frequently updated an rpd memory leak will occur
https://notcve.org/view.php?id=CVE-2023-28982
17 Apr 2023 — A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated memory will leak. As rpd memory usage increases over time the rpd process will eventually run out of memory, crash, and restart. The memory utilization can be monitored with the following CLI co... • https://supportportal.juniper.net/JSA70608 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2023-28966 – Junos OS Evolved: Local low-privileged user with shell access can execute CLI commands as root
https://notcve.org/view.php?id=CVE-2023-28966
17 Apr 2023 — An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versio... • https://supportportal.juniper.net/JSA70590 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 53EXPL: 0CVE-2023-28980 – Junos OS and Junos OS Evolved: In a BGP rib sharding scenario an rpd crash will happen shortly after a specific CLI command is issued
https://notcve.org/view.php?id=CVE-2023-28980
17 Apr 2023 — A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes). This issue affects: Juniper Networks Junos OS * 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6; * 20.3 vers... • https://supportportal.juniper.net/JSA70606 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 91EXPL: 0CVE-2023-28967 – Junos OS and Junos OS Evolved: An attacker sending genuine BGP packets causes an RPD crash
https://notcve.org/view.php?id=CVE-2023-28967
17 Apr 2023 — A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP pa... • https://supportportal.juniper.net/JSA70591 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.1EPSS: 0%CPEs: 35EXPL: 0CVE-2023-28973 – Junos OS Evolved: The 'sysmanctl' shell command allows a local user to gain access to some administrative actions
https://notcve.org/view.php?id=CVE-2023-28973
17 Apr 2023 — An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon restarting, routing engine (RE) switchover, and node shutdown can all be performed through exploitation of the 'sysmanctl' command. Access to the 'sysmanctl' command is only available from the Junos shell. Neither dire... • https://supportportal.juniper.net/JSA70597 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 8.2EPSS: 0%CPEs: 30EXPL: 0CVE-2023-28960 – Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers
https://notcve.org/view.php?id=CVE-2023-28960
17 Apr 2023 — An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then inadvertently start the Docker container leading to the malicious files being executed as root. This issue only affects systems with Docker configured and enabled, which is not enabled by default. Systems without Docker st... • https://supportportal.juniper.net/JSA70585 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2023-22400 – Junos OS Evolved: A specific SNMP GET operation and a specific CLI commands cause resources to leak and eventually the evo-pfemand process will crash
https://notcve.org/view.php?id=CVE-2023-22400
12 Jan 2023 — An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot. GUID exhaustion will trigger a syslog message like one of the following for example: evo... • https://kb.juniper.net/JSA70196 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2023-22397 – Junos OS Evolved: PTX10003: An attacker sending specific genuine packets will cause a memory leak in the PFE leading to a Denial of Service
https://notcve.org/view.php?id=CVE-2023-22397
12 Jan 2023 — An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environment to send certain specific genuine packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack which will cause a memory leak to begin. Once this condition begins, and as long as the attacker is a... • https://kb.juniper.net/JSA70193 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 130EXPL: 0CVE-2023-22406 – Junos OS and Junos OS Evolved: A memory leak which will ultimately lead to an rpd crash will be observed when a peer interface flaps continuously in a Segment Routing scenario using OSPF
https://notcve.org/view.php?id=CVE-2023-22406
12 Jan 2023 — A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memo... • https://kb.juniper.net/JSA70202 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 334EXPL: 0CVE-2022-22250 – Junos OS and Junos OS Evolved: An FPC crash might be seen due to an EVPN MAC entry moving from local to remote
https://notcve.org/view.php?id=CVE-2022-22250
18 Oct 2022 — An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario, if MAC is learned locally on an access interface but later a request to delete is received indicating that the MAC was learnt remotely, this can lead to memory corruption which can result in line card crash and reload. This issue affects: Juniper Networks ... • https://kb.juniper.net/JSA69907 • CWE-664: Improper Control of a Resource Through its Lifetime •