CVSS: 5.8EPSS: 0%CPEs: 83EXPL: 0CVE-2023-28961 – Junos OS: ACX Series: IPv6 firewall filter is not installed in PFE when "from next-header ah" is used
https://notcve.org/view.php?id=CVE-2023-28961
17 Apr 2023 — An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An indication ... • https://supportportal.juniper.net/JSA70586 • CWE-241: Improper Handling of Unexpected Data Type •
CVSS: 6.5EPSS: 0%CPEs: 359EXPL: 0CVE-2021-0289 – Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted
https://notcve.org/view.php?id=CVE-2021-0289
15 Jul 2021 — When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show inte... • https://kb.juniper.net/JSA11191 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.3EPSS: 0%CPEs: 233EXPL: 0CVE-2021-0273 – Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device's interfaces.
https://notcve.org/view.php?id=CVE-2021-0273
22 Apr 2021 — An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite... • https://kb.juniper.net/JSA11164 • CWE-670: Always-Incorrect Control Flow Implementation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •