Juniper Junos vulnerabilities

CVE-2022-22186 [MEDIUM] CWE-665 CVE-2022-22186: Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, pack Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and sh

CVE-2022-22193 [MEDIUM] CWE-241 CVE-2022-22193: An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of J An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding

CVE-2022-22196 [MEDIUM] CWE-754 CVE-2022-22196: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which

CVE-2022-22191 [MEDIUM] CWE-410 CVE-2022-22191: A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juni A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the r

CVE-2021-25220 [MEDIUM] CWE-444 CVE-2021-25220: BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with

CVE-2022-22167 [CRITICAL] CWE-863 CVE-2022-22167: A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gatew A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. While JDPI correctly classifies out-of-state asymmetric TCP flows as the dyn

CVE-2022-22157 [CRITICAL] CWE-863 CVE-2022-22157: A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gatew A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifies out-of-state asymmetric TCP flows as the dynamic

CVE-2022-22159 [HIGH] CVE-2022-22159: A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when th

CVE-2022-22175 [HIGH] CWE-667 CVE-2022-22175: An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX S An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can occur

CVE-2022-22171 [HIGH] CWE-754 CVE-2022-22171: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engin An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue affects: Juniper Networks Junos OS 19.4 versions prior t

CVE-2022-22153 [HIGH] CWE-407 CVE-2022-22153: An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Th An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit packet processing and even packet loss. If transit tra

CVE-2022-22162 [HIGH] CWE-209 CVE-2022-22162: A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper N A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device. This issue affects Juniper Networks Juno

CVE-2022-22173 [HIGH] CWE-401 CVE-2022-22173: A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). In a scenario where Public Key Infrastructure (PKI) is used in combination with Certificate Revocation List (CRL), if the CRL fails

CVE-2022-22180 [HIGH] CWE-754 CVE-2022-22180: An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of th

CVE-2022-22174 [HIGH] CWE-401 CVE-2022-22174: A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Se A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Series and EX4600 switches may cause the memory to not be freed, leading to a packet DMA memory leak, and eventual Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Ser

CVE-2022-22177 [HIGH] CWE-755 CVE-2022-22177: A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP – v1,v2, v3 This issue affects: Juniper Networks Junos OS 12.3 version

CVE-2022-22156 [HIGH] CWE-295 CVE-2022-22156: An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to p An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The following command can be executed by an administrator via

CVE-2022-22170 [HIGH] CWE-772 CVE-2022-22170: A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and on exhaustion the PFE to reset. The heap memory utilization ca

CVE-2022-22161 [HIGH] CWE-400 CVE-2022-22161: An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (

CVE-2022-22178 [HIGH] CWE-121 CVE-2022-22178: A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Network A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue