CVSS: 6.5EPSS: 0%CPEs: 121EXPL: 0CVE-2020-1670 – Junos OS: EX4300 Series: High CPU load due to receipt of specific IPv4 packets
https://notcve.org/view.php?id=CVE-2020-1670
On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic interruption. This specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter to the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. • https://kb.juniper.net https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11067&actp=SUBSCRIPTION • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1669 – Junos OS: NFX350: Password hashes stored in world-readable format
https://notcve.org/view.php?id=CVE-2020-1669
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2. El contenedor Juniper Device Manager (JDM), utilizado por la arquitectura de Junos OS desagregado en los dispositivos Juniper Networks NFX350 Series, almacena hashes de contraseña en el archivo /etc/passwd de tipo world-readable. Esta no es una de las mejores prácticas de seguridad actuales, ya que puede permitir a un atacante con acceso al sistema de archivos local la capacidad de descifrar por fuerza bruta los hashes de contraseña almacenados en el sistema. • https://kb.juniper.net/JSA11066 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 93EXPL: 0CVE-2020-1668 – Junos OS: EX2300 Series: High CPU load due to receipt of specific multicast packets on layer 2 interface
https://notcve.org/view.php?id=CVE-2020-1668
On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command: user@host> show chassis routing-engine Routing Engine status: ... Idle 2 percent the "Idle" value shows as low (2 % in the example above), and also the following command: user@host> show system processes summary ... PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 11639 root 52 0 283M 11296K select 12:15 44.97% eventd 11803 root 81 0 719M 239M RUN 251:12 31.98% fxpc{fxpc} the eventd and the fxpc processes might use higher WCPU percentage (respectively 44.97% and 31.98% in the above example). • https://kb.juniper.net/JSA11065 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.3EPSS: 0%CPEs: 56EXPL: 0CVE-2020-1667 – Junos OS: MX Series: Services card might restart due to a race condition when DNS filtering is enabled.
https://notcve.org/view.php?id=CVE-2020-1667
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing "URL Filtering service", can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. • https://kb.juniper.net https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11064&cat=MX_SERIES&actp=LIST • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1666 – Junos OS Evolved: 'console log-out-on-disconnect' fails to terminate session on console cable disconnection
https://notcve.org/view.php?id=CVE-2020-1666
The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO. La opción de configuración de la consola del sistema "log-out-on-desconect" en Juniper Networks Junos OS Evolved presenta un fallo al cerrar la sesión de una sesión de la CLI activa cuando el cable de la consola está desconectado. Esto podría permitir a un atacante malicioso con acceso físico a la consola la capacidad de reanudar una sesión interactiva anterior y posiblemente conseguir privilegios administrativos. • https://kb.juniper.net/JSA11063 • CWE-284: Improper Access Control CWE-613: Insufficient Session Expiration •