Juniper Junos vulnerabilities
749 known vulnerabilities affecting juniper/junos.
Total CVEs: 749
CISA KEV: 7 (actively exploited)
Public exploits: 13
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2
Vulnerabilities
CVE-2022-22246 | HIGH | CVSS 8.8 | CWE-829 | fixed in 19.1 | v19.1 +12 more | 2022-10-18
A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack requirements, successful exploitation could lead to a complete
nvd
CVE-2022-22231 | HIGH | CVSS 7.5 | CWE-690 | v21.4 | 2022-10-18
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system
nvd
CVE-2022-22228 | HIGH | CVSS 7.5 | CWE-1287 | v21.1, v21.2 +3 more | 2022-10-18
An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker's packets are destined to any configured IPv6 address on the device. This issue affects: J
nvd
CVE-2022-22243 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 19.1 | v19.1 +12 more | 2022-10-18
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: al
nvd
CVE-2022-22226 | MEDIUM | CVSS 6.5 | CWE-789 | v17.1, v17.2 +14 more | 2022-10-18
In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFEs when they are rece
nvd
CVE-2022-22250 | MEDIUM | CVSS 6.5 | CWE-664 | v17.3, v17.4 +21 more | 2022-10-18
An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario, if MAC is learned locally on an access interface but later a request to delete is received indi
nvd
CVE-2022-22245 | MEDIUM | CVSS 4.3 | CWE-23 | fixed in 19.1 | v19.1 +12 more | 2022-10-18
A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the file due to validation checks built into Junos OS. Successful exploitation of this vulnerability
nvd
CVE-2022-22240 | MEDIUM | CVSS 5.5 | CWE-401 | v19.4, v20.2 +5 more | 2022-10-18
An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Service (DoS). In a high-scaled BGP routing environment with r
nvd
CVE-2022-22244 | MEDIUM | CVSS 5.3 | CWE-91 | fixed in 19.1 | v19.1 +12 more | 2022-10-18
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1
nvd
CVE-2022-22249 | MEDIUM | CVSS 6.5 | CWE-664 | fixed in 15.1 | v15.1 +11 more | 2022-10-18
An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When there is a continuous MAC move, a memory corruption causes one or more FPCs to crash and reboot. These MAC moves can b
nvd
CVE-2022-22220 | MEDIUM | CVSS 5.9 | CWE-367 | fixed in 18.4 | v18.4 +6 more | 2022-10-18
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS). When a BGP flow route with redirect IP extended community is received, and the reachability to the next-hop of the corres
nvd
CVE-2022-22224 | MEDIUM | CVSS 6.5 | CWE-703 | fixed in 19.1 | v19.1 +8 more | 2022-10-18
An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions relian
nvd
CVE-2022-22208 | MEDIUM | CVSS 5.9 | CWE-416 | fixed in 18.4 | v18.4 +10 more | 2022-10-18
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash.
nvd
CVE-2022-22225 | MEDIUM | CVSS 5.9 | CWE-367 | v19.2, v20.2 +5 more | 2022-10-18
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS). In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly,
nvd
CVE-2022-22219 | MEDIUM | CVSS 5.9 | CWE-241 | v21.3, v21.4 +2 more | 2022-10-18
Due to the Improper Handling of an Unexpected Data Type in the processing of EVPN routes on Juniper Networks Junos OS and Junos OS Evolved, an attacker in direct control of a BGP client connected to a route reflector, or via a machine in the middle (MITM) attack, can send a specific EVPN route contained within a BGP Update, triggering a routing proto
nvd
CVE-2022-22233 | MEDIUM | CVSS 5.5 | CWE-690 | v21.4, v22.1 | 2022-10-18
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segm
nvd
CVE-2022-22230 | MEDIUM | CVSS 6.5 | CWE-20 | v19.2, v19.3 +9 more | 2022-10-18
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects syst
nvd
CVE-2022-22242 | MEDIUM | CVSS 6.1 | PoC | CWE-79 | fixed in 19.1 | v19.1 +12 more | 2022-10-18
A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.
nvd
CVE-2022-22238 | MEDIUM | CVSS 6.5 | CWE-754 | fixed in 19.2 | v19.2 +9 more | 2022-10-18
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state
nvd
CVE-2022-22237 | MEDIUM | CVSS 6.5 | CWE-287 | v21.2, v21.3 +2 more | 2022-10-18
An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally config
nvd