CVSS: 6.5EPSS: 0%CPEs: 221EXPL: 1CVE-2021-0215 – Junos OS: EX Series, QFX Series, SRX Branch Series, MX Series: Memory leak in packet forwarding engine due to 802.1X authenticator port interface flaps
https://notcve.org/view.php?id=CVE-2021-0215
On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An administrator can use the following CLI command to monitor the status of memory consumption: user@device> show task memory detail Please refer to https://kb.juniper.net/KB31522 for details. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D54; 15.1X49 versions prior to 15.1X49-D240 ; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. This issue does not affect Juniper Networks Junos OS 12.3, 15.1. En los dispositivos de Juniper Networks Junos serie EX, Serie QFX y serie de la rama SRX, ocurre un filtrado de memoria cada vez que la interfaz del puerto del autenticador 802.1X se interrumpe, lo que puede conllevar a que otros procesos, tales como el proceso pfex, responsable del reenvío de paquetes, se bloquee y reinicie. • https://kb.juniper.net/JSA11105 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0212 – Contrail Networking: Administrator credentials are exposed in a plaintext file
https://notcve.org/view.php?id=CVE-2021-0212
An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31. Una vulnerabilidad de Exposición de Información en Juniper Networks Contrail Networking, permite a un atacante autenticado localmente sea capaz de leer archivos para recuperar las credenciales de administrador almacenadas en texto plano, elevando así sus privilegios sobre el sistema. Este problema afecta: Juniper Networks Contrail Networking versiones anteriores a 1911.31 • https://kb.juniper.net/JSA11102 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 0%CPEs: 336EXPL: 0CVE-2021-0211 – Junos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted.
https://notcve.org/view.php?id=CVE-2021-0211
An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition. Continued receipt of these update messages will cause a sustained Denial of Service condition. This issue affects Juniper Networks: Junos OS: All versions prior to 17.3R3-S10 with the exceptions of 15.1X49-D240 on SRX Series and 15.1R7-S8 on EX Series; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S3, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Junos OS Evolved: All versions prior to 20.3R1-S1-EVO, 20.3R2-EVO. Una comprobación inapropiada de condiciones inusuales o excepcionales en Juniper Networks. • https://kb.juniper.net/JSA11101 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.8EPSS: 0%CPEs: 158EXPL: 0CVE-2021-0210 – Junos OS: Privilege escalation in J-Web due to arbitrary command and code execution via information disclosure from another users active session
https://notcve.org/view.php?id=CVE-2021-0210
An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3, 19.2R3-S1; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Una vulnerabilidad de exposición de la información en J-Web de Juniper Networks Junos OS permite a un atacante no autenticado elevar sus privilegios sobre el sistema objetivo mediante el uso oportunista de una sesión de usuarios autenticados. Este problema afecta a: Juniper Networks Junos OS versiones 12.3 anteriores a 12.3R12-S17; versiones 17.3 anteriores a 17.3R3-S10; versiones 17.4 anteriores a 17.4R2-S12, 17.4R3-S3; versiones 18.1 anteriores a 18.1R3-S11; versiones 18.2 anteriores a 18.2R3-S6; versiones 18.3 anteriores a 18.3R2-S4, 18.3R3-S4; versiones 18.4 anteriores a 18.4R2-S5, 18.4R3-S5; versiones 19.1 anteriores a 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; versiones 19.2 anteriores a 19.2R1-S5, 19.2R3, 19.2R3-S1; versiones 19.3 anteriores a 19.3R2-S4, 19.3R3; versiones 19.4 anteriores a 19.4R1-S3, 19.4R2-S2, 19.4R3; versiones 20.1 anteriores a 20.1R1-S4, 20.1R2; versiones 20.2 anteriores a 20.2R1-S1, 20.2R2 • https://kb.juniper.net/JSA11100 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-0209 – Junos OS Evolved: Receipt of certain valid BGP update packets from BGP peers may cause RPD to core when using REGEX.
https://notcve.org/view.php?id=CVE-2021-0209
In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS. • https://kb.juniper.net/JSA11099 • CWE-824: Access of Uninitialized Pointer •