Juniper Junos vulnerabilities
749 known vulnerabilities affecting juniper/junos.
Total CVEs: 749
CISA KEV: 7 actively exploited
Public exploits: 13
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2
Vulnerabilities
Page 15 of 38
CVE-2022-22206 [HIGH] CVSS 7.5 | CWE-120 | v20.2, v20.3 +5 more | 2022-07-20
A Buffer Overflow vulnerability in the PFE of Juniper Networks Junos OS on SRX series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). The PFE will crash when specific traffic is scanned by Enhanced Web Filtering safe-search feature of UTM (Unified Threat management). Continued receipt of this specific traffic will
nvd
CVE-2022-22205 [HIGH] CVSS 7.5 | CWE-401 | v20.3, v20.4 +3 more | 2022-07-20
A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). Upon receiving specific traffic a memory leak will occur. Sustained processing of such
nvd
CVE-2022-22209 [HIGH] CVSS 7.5 | CWE-401 | v21.2, v21.3 +1 more | 2022-07-20
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and
nvd
CVE-2022-22207 [HIGH] CVSS 7.5 | CWE-416 | v20.1, v20.2 +4 more | 2022-07-20
A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a kernel crash due to intensive polling of Abstracted Fabric (AF) interface statistics and thereby a Denial of Service (DoS). Continued gathering of AF interface statistics
nvd
CVE-2022-22221 [HIGH] CVSS 7.8 | fixed in 19.2 | v19.2 +10 more | 2022-07-20
An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show syste
nvd
CVE-2022-22214 [MEDIUM] CVSS 6.5 | CWE-20 | fixed in 12.3 | v12.3 +14 more | 2022-07-20
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a
nvd
CVE-2022-22213 [MEDIUM] CVSS 5.9 | CWE-232 | v21.1, v21.2 +2 more | 2022-07-20
A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and
nvd
CVE-2022-22216 [MEDIUM] CVSS 4.3 | fixed in 18.4 | v18.4 +12 more | 2022-07-20
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, an
nvd
CVE-2022-22215 [MEDIUM] CVSS 5.5 | CWE-772 | fixed in 19.1 | v19.1 +9 more | 2022-07-20
A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in pluggable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective/v
nvd
CVE-2022-22210 [MEDIUM] CVSS 6.5 | CWE-476 | v20.3, v20.4 +1 more | 2022-07-20
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). On QFX5K Series and MX Series, when the PFE receives a specific VxLAN packet the Layer 2 Address Learning Manager (L2ALM) process w
nvd
CVE-2022-22203 [MEDIUM] CVSS 6.5 | CWE-697 | v19.4 | 2022-07-20
An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets w
nvd
CVE-2022-22202 [MEDIUM] CVSS 6.5 | CWE-755 | fixed in 19.1 | v19.1 +12 more | 2022-07-20
An Improper Handling of Exceptional Conditions vulnerability on specific PTX Series devices, including the PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series, in Juniper Networks Junos OS allows an unauthenticated MPLS-based attacker to cause a Denial of Service (DoS) by triggering the dcpfe process to crash and FPC to
nvd
CVE-2022-22217 [MEDIUM] CVSS 6.5 | CWE-754 | fixed in 19.1 | v19.1 +10 more | 2022-07-20
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). The issue is caused by malformed MLD packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. Thes
nvd
CVE-2022-22204 [MEDIUM] CVSS 5.3 | CWE-401 | v20.4, v21.1 +3 more | 2022-07-20
An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On all MX and SRX platforms, if the SIP ALG is enabled, receipt of a specific SIP pa
nvd
CVE-2022-22188 [HIGH] CVSS 7.5 | CWE-122 | v20.2 | 2022-04-14
An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number
nvd
CVE-2022-22197 [HIGH] CVSS 7.5 | CWE-672 | fixed in 17.3 | v17.3 +10 more | 2022-04-14
An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and cert
nvd
CVE-2022-22198 [HIGH] CVSS 7.5 | CWE-824 | v20.4, v21.1 +1 more | 2022-04-14
An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or
nvd
CVE-2022-22185 [HIGH] CVSS 7.5 | CWE-754 | v18.3, v18.4 +10 more | 2022-04-14
A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and processing of this specific packet will create a sust
nvd
CVE-2022-22181 [MEDIUM] CVSS 5.4 | CWE-79 | fixed in 18.3 | v18.3 +10 more | 2022-04-14
A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. This may allow the attacker to gain control of the device or attack other authenticated user sessions
nvd
CVE-2022-22182 [MEDIUM] CVSS 6.1 | CWE-79 | v12.3, v15.1 +12 more | 2022-04-14
A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior t
nvd