CVE-2024-21620 – Junos OS: SRX Series and EX Series: J-Web doesn't sufficiently sanitize input to prevent XSS
https://notcve.org/view.php?id=CVE-2024-21620
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2. Una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en J-Web de Juniper Networks Junos OS en las series SRX y EX permite a un atacante construir una URL que, cuando la visita otro usuario, le permite ejecutar comandos con los permisos del objetivo, incluido un administrador. Una invocación específica del método emit_debug_note en webauth_operation.php devolverá los datos que recibe. Este problema afecta a Juniper Networks Junos OS en las series SRX y EX: * Todas las versiones anteriores a 20.4R3-S10; * Versiones 21.2 anteriores a 21.2R3-S8; * Versiones 21.4 anteriores a 21.4R3-S6; * Versiones 22.1 anteriores a 22.1R3-S5; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S2; * Versiones 22.4 anteriores a 22.4R3-S1; * Versiones 23.2 anteriores a 23.2R2; * Versiones 23.4 anteriores a 23.4R2. • https://supportportal.juniper.net/JSA76390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-21619 – Junos OS: SRX Series and EX Series: J-Web - unauthenticated access to temporary files containing sensitive information
https://notcve.org/view.php?id=CVE-2024-21619
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Una vulnerabilidad de autenticación faltante para función crítica combinada con una vulnerabilidad de generación de mensaje de error que contiene información confidencial en J-Web de Juniper Networks Junos OS en las series SRX y EX permite que un atacante basado en red no autenticado acceda a información confidencial del sistema. Cuando un usuario inicia sesión, se crea un archivo temporal que contiene la configuración del dispositivo (como es visible para ese usuario) en la carpeta /cache. • https://supportportal.juniper.net/JSA76390 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-306: Missing Authentication for Critical Function •
CVE-2024-21607 – Junos OS: MX Series and EX9200 Series: If the "tcp-reset" option used in an IPv6 filter, matched packets are accepted instead of rejected
https://notcve.org/view.php?id=CVE-2024-21607
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3. Una característica no compatible en la vulnerabilidad de la interfaz de usuario en Juniper Networks Junos OS en las series MX y EX9200 permite que un atacante no autenticado basado en la red cause un impacto parcial en la integridad del dispositivo. Si se agrega la opción "tcp-reset" a la acción "reject" en un filtro IPv6 que coincide con el "payload-protocol", los paquetes se permiten en lugar de rechazarse. • https://supportportal.juniper.net/JSA75748 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N • CWE-447: Unimplemented or Unsupported Feature in UI •
CVE-2023-44191 – Junos OS: QFX5000 Series and EX4000 Series: Denial of Service (DoS) on a large scale VLAN due to PFE hogging
https://notcve.org/view.php?id=CVE-2023-44191
An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1 Una vulnerabilidad de asignación de recursos sin límites ni limitación en Juniper Networks Junos OS permite que un atacante no autenticado basado en la red provoque una Denegación de Servicio (DoS). En todas las plataformas Junos OS QFX5000 Series y EX4000 Series, cuando se configura una gran cantidad de VLAN, un paquete DHCP específico provocará un acaparamiento de PFE, lo que provocará la caída de las conexiones del socket. Este problema afecta a: Juniper Networks Junos OS en las series QFX5000 y EX4000 * versiones 21.1 anteriores a 21.1R3-S5; * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S1; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R2. Este problema no afecta a las versiones de Juniper Networks Junos OS anteriores a 21.1R1. • https://supportportal.juniper.net/JSA73155 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-36851 – Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
https://notcve.org/view.php?id=CVE-2023-36851
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 21.2 versions prior to 21.2R3-S8; * 21.4 versions prior to 21.4R3-S6; * 22.1 versions prior to 22.1R3-S5; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S2; * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2. Una vulnerabilidad de autenticación faltante para funciones críticas en Juniper Networks Junos OS en la serie SRX permite que un atacante basado en red no autenticado cause un impacto limitado en la integridad del sistema de archivos. Con una solicitud específica a webauth_operation.php que no requiere autenticación, un atacante puede cargar archivos arbitrarios a través de J-Web, lo que provoca una pérdida de integridad de una determinada parte del sistema de archivos, lo que puede permitir el encadenamiento a otras vulnerabilidades. . Este problema afecta a Juniper Networks Junos OS en la serie SRX: * Versiones 22.4 anteriores a 22,4R2-S2, 22.4R3; * Versiones 23.2 anteriores a 23.2R2. Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. • https://supportportal.juniper.net/JSA72300 • CWE-306: Missing Authentication for Critical Function •