CVSS: 5.3EPSS: 0%CPEs: 110EXPL: 0CVE-2024-21607 – Junos OS: MX Series and EX9200 Series: If the "tcp-reset" option used in an IPv6 filter, matched packets are accepted instead of rejected
https://notcve.org/view.php?id=CVE-2024-21607
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3. Una característica no compatible en la vulnerabilidad de la interfaz de usuario en Juniper Networks Junos OS en las series MX y EX9200 permite que un atacante no autenticado basado en la red cause un impacto parcial en la integridad del dispositivo. Si se agrega la opción "tcp-reset" a la acción "reject" en un filtro IPv6 que coincide con el "payload-protocol", los paquetes se permiten en lugar de rechazarse. • https://supportportal.juniper.net/JSA75748 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N • CWE-447: Unimplemented or Unsupported Feature in UI •
CVSS: 6.5EPSS: 0%CPEs: 109EXPL: 0CVE-2024-21587 – Junos OS: MX Series: Memory leak in bbe-smgd process if BFD liveness detection for DHCP subscribers is enabled
https://notcve.org/view.php?id=CVE-2024-21587
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue. Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation. user@junos> show system processes extensive | match bbe-smgd 13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd} 13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd} ... user@junos> show system processes extensive | match bbe-smgd 13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd} 13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd} ... This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el demonio de administración de suscriptores de borde de banda ancha (bbe-smgd) de Juniper Networks Junos OS en la serie MX permite que un atacante conectado directamente al sistema vulnerable altere repetidamente las sesiones de suscriptores DHCP para causar, en última instancia, una pérdida lenta de memoria. lo que lleva a una denegación de servicio (DoS). • https://supportportal.juniper.net/JSA75725 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 71EXPL: 0CVE-2023-44199 – Junos OS: MX Series: In a PTP scenario a prolonged routing protocol churn can trigger an FPC reboot
https://notcve.org/view.php?id=CVE-2023-44199
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S4; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R1-S1, 22.2R2. Una vulnerabilidad de Verificación Inadecuada de Condiciones Inusuales o Excepcionales en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS en la serie MX permite que un atacante no autenticado basado en la red provoque una Denegación de Servicio (DoS). En las plataformas Junos MX Series con Precision Time Protocol (PTP) configurado, una rotación prolongada del protocolo de enrutamiento puede provocar un bloqueo y reinicio del FPC. Este problema afecta a Juniper Networks Junos OS en la serie MX: * Todas las versiones anteriores a 20.4R3-S4; * 21.1 versión 21.1R1 y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S2; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3; * Versiones 22.1 anteriores a 22.1R3; * Versiones 22.2 anteriores a 22.2R1-S1, 22.2R2. • https://supportportal.juniper.net/JSA73165 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 98EXPL: 0CVE-2023-44198 – Junos OS: SRX Series and MX Series: SIP ALG doesn't drop specifically malformed retransmitted SIP packets
https://notcve.org/view.php?id=CVE-2023-44198
An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: * 20.4 versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. This issue doesn't not affected releases prior to 20.4R1. Una vulnerabilidad de Verificación Inadecuada de Condiciones Inusuales o Excepcionales en SIP ALG de Juniper Networks Junos OS en las series SRX y MX permite que un atacante basado en red no autenticado cause un impacto en la integridad de las redes conectadas. Si SIP ALG está configurado y un dispositivo recibe un paquete SIP específicamente mal formado, el dispositivo impide que este paquete se reenvíe, pero cualquier retransmisión recibida posteriormente del mismo paquete se reenvía como si fuera válida. Este problema afecta a Juniper Networks Junos OS en las series SRX y MX: * Versiones 20.4 anteriores a 20.4R3-S5; * Versiones 21.1 anteriores a 21.1R3-S4; * Versiones 21.2 anteriores a 21.2R3-S4; * Versiones 21.3 anteriores a 21.3R3-S3; * Versiones 21.4 anteriores a 21.4R3-S2; * Versiones 22.1 anteriores a 22.1R2-S2, 22.1R3; * Versiones 22.2 anteriores a 22.2R2-S1, 22.2R3; * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2. Este problema no afecta a las versiones anteriores a 20.4R1. • https://supportportal.juniper.net/JSA73164 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 81EXPL: 0CVE-2023-44193 – Junos OS: MX Series: An FPC crash is observed when CFM is enabled in a VPLS scenario and a specific LDP related command is run
https://notcve.org/view.php?id=CVE-2023-44193
An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S1; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Una vulnerabilidad de liberación inadecuada de memoria antes de eliminar la última referencia en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante local con pocos privilegios provoque una falla del FPC, lo que lleva a una Denegación de Servicio (DoS). En todas las series Junos MX con MPC1 - MPC9, LC480, LC2101, MX10003 y MX80, cuando Connectivity-Fault-Management (CFM) está habilitada en un escenario VPLS y se ejecuta un comando relacionado con LDP específico, un FPC fallará y se reiniciará. La ejecución continua de este comando LDP específico puede provocar una condición sostenida de Denegación de Servicio. • https://supportportal.juniper.net/JSA73157 • CWE-401: Missing Release of Memory after Effective Lifetime •