Juniper Junos vulnerabilities
749 known vulnerabilities affecting juniper/junos.
Total CVEs: 749
CISA KEV: 7 (actively exploited)
Public exploits: 10
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2
Vulnerabilities
Page 11 of 38
CVE-2023-36832 | HIGH | CVSS 7.5 | CWE-755 | fixed in 19.1 | v19.1 +13 more | 2023-07-14
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS).
nvd
CVE-2023-36831 | HIGH | CVSS 7.5 | CWE-703 | v22.2, v22.3 +1 more | 2023-07-14
An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting th
nvd
CVE-2023-36849 | MEDIUM | CVSS 6.5 | CWE-703 | v21.4, v22.1 +2 more | 2023-07-14
An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).
When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash
nvd
CVE-2023-36848 | MEDIUM | CVSS 6.5 | CWE-232 | v19.1, v19.2 +14 more | 2023-07-14
An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series (except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).
When a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these
nvd
CVE-2023-36840 | MEDIUM | CVSS 5.5 | CWE-617 | fixed in 19.3 | v19.3 +12 more | 2023-07-14
A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific comman
nvd
CVE-2023-36838 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 20.2 | v20.2 +10 more | 2023-07-14
An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS).
If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a
nvd
CVE-2023-36836 | MEDIUM | CVSS 4.7 | CWE-908 | v19.4, v20.1 +9 more | 2023-07-14
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can
nvd
CVE-2023-36850 | MEDIUM | CVSS 6.5 | CWE-1285 | v19.1, v19.2 +14 more | 2023-07-14
An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management (CFM) module of Juniper Networks Junos OS on MX Series (except MPC10, MPC11 and LC9600) allows an adjacent attacker on the local broadcast domain to cause a Denial of Service (DoS).
Upon receiving a malformed CFM packet, the MPC
nvd
CVE-2023-36834 | MEDIUM | CVSS 6.5 | CWE-372 | v20.1, v20.2 +6 more | 2023-07-14
An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS).
If an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines
nvd
CVE-2023-0026 | HIGH | CVSS 7.5 | CWE-20 | ≥ 15.1, < 20.4 | v20.4 +8 more | 2023-06-21
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, t
nvd
CVE-2023-28962 | CRITICAL | CVSS 9.8 | CWE-287 | fixed in 19.4 | v19.4 +11 more | 2023-04-17
An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions;
nvd
CVE-2023-28976 | HIGH | CVSS 7.5 | CWE-754 | fixed in 19.1 | v19.1 +10 more | 2023-04-17
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If specific traffic is received on MX Series and its rate exceeds the respective DDoS protection limit the ingress PF
nvd
CVE-2023-28982 | HIGH | CVSS 7.5 | CWE-401 | v20.3, v20.4 +3 more | 2023-04-17
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated memory will leak. As rpd memory usa
nvd
CVE-2023-28967 | HIGH | CVSS 7.5 | CWE-908 | v21.1, v21.2 +4 more | 2023-04-17
A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue
nvd
CVE-2023-28964 | HIGH | CVSS 7.5 | CWE-130 | fixed in 18.1 | v18.1 +10 more | 2023-04-17
An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service
nvd
CVE-2023-28965 | HIGH | CVSS 7.5 | CWE-703 | fixed in 19.3 | v19.3 +7 more | 2023-04-17
An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Storm control monitors the level of applicable
nvd
CVE-2023-28968 | MEDIUM | CVSS 5.3 | CWE-1325 | v19.1, v19.2 +13 more | 2023-04-17
An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to sen
nvd
CVE-2023-28984 | MEDIUM | CVSS 5.3 | CWE-362 | v20.2, v20.3 +9 more | 2023-04-17
A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent
nvd
CVE-2023-28980 | MEDIUM | CVSS 5.5 | CWE-416 | v20.2, v20.3 +6 more | 2023-04-17
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scena
nvd
CVE-2023-28974 | MEDIUM | CVSS 6.5 | CWE-754 | fixed in 19.4 | v19.4 +9 more | 2023-04-17
An Improper Check for Unusual or Exceptional Conditions vulnerability in the bbe-smgd of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In a Broadband Edge / Subscriber Management scenario on MX Series when a specifically malformed ICMP packet addressed to the device is received from a subs
nvd