CVSS: 8.8EPSS: 0%CPEs: 193EXPL: 0CVE-2024-21620 – Junos OS: SRX Series and EX Series: J-Web doesn't sufficiently sanitize input to prevent XSS
https://notcve.org/view.php?id=CVE-2024-21620
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2. Una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en J-Web de Juniper Networks Junos OS en las series SRX y EX permite a un atacante construir una URL que, cuando la visita otro usuario, le permite ejecutar comandos con los permisos del objetivo, incluido un administrador. Una invocación específica del método emit_debug_note en webauth_operation.php devolverá los datos que recibe. Este problema afecta a Juniper Networks Junos OS en las series SRX y EX: * Todas las versiones anteriores a 20.4R3-S10; * Versiones 21.2 anteriores a 21.2R3-S8; * Versiones 21.4 anteriores a 21.4R3-S6; * Versiones 22.1 anteriores a 22.1R3-S5; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S2; * Versiones 22.4 anteriores a 22.4R3-S1; * Versiones 23.2 anteriores a 23.2R2; * Versiones 23.4 anteriores a 23.4R2. • https://supportportal.juniper.net/JSA76390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 200EXPL: 0CVE-2024-21619 – Junos OS: SRX Series and EX Series: J-Web - unauthenticated access to temporary files containing sensitive information
https://notcve.org/view.php?id=CVE-2024-21619
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Una vulnerabilidad de autenticación faltante para función crítica combinada con una vulnerabilidad de generación de mensaje de error que contiene información confidencial en J-Web de Juniper Networks Junos OS en las series SRX y EX permite que un atacante basado en red no autenticado acceda a información confidencial del sistema. Cuando un usuario inicia sesión, se crea un archivo temporal que contiene la configuración del dispositivo (como es visible para ese usuario) en la carpeta /cache. • https://supportportal.juniper.net/JSA76390 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 200EXPL: 0CVE-2022-22221 – Junos OS: SRX and EX Series: Local privilege escalation flaw in "download" functionality
https://notcve.org/view.php?id=CVE-2022-22221
An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show system download ..." commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2, 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Una vulnerabilidad de Neutralización Inapropiada de Elementos Especiales en el administrador de descargas del Sistema Operativo Junos de Juniper Networks en las series SRX y EX permite a un atacante autenticado localmente con bajos privilegios tomar el control total del dispositivo. Uno de los aspectos de esta vulnerabilidad es que el atacante debe ser capaz de ejecutar cualquiera de los comandos "request ..." o "show system download ...". • https://kb.juniper.net/JSA69725 •
CVSS: 7.5EPSS: 0%CPEs: 344EXPL: 0CVE-2019-0043 – Junos OS: RPD process crashes upon receipt of a specific SNMP packet
https://notcve.org/view.php?id=CVE-2019-0043
In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS : 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D48 on EX/QFX series; 15.1 versions prior to 15.1R4-S9, 15.1R7-S2; 15.1F6 versions prior to 15.1F6-S11; 15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series; 15.1X54 on ACX Series; 16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S8, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3; 18.2X75 versions prior to 18.2X75-D10. En entornos MPLS, la recepción de un paquete SNMP específico puede provocar que el proceso rpd (Routing Protocol Daemon) se cierre inesperadamente y se reinicie. • https://kb.juniper.net/JSA10935 • CWE-404: Improper Resource Shutdown or Release •