Juniper Junos vulnerabilities

CVE-2021-31366 [MEDIUM] CWE-252 CVE-2021-31366: An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Jun An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a crash by sending a specific username. This impacts authentication, authorization, and accounting (AAA) services on the MX devices and leads to a Denia

CVE-2021-31365 [MEDIUM] CWE-400 CVE-2021-31365: An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 an An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2

CVE-2021-0284 [HIGH] CWE-120 CVE-2021-0284: A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut do

CVE-2021-0278 [HIGH] CWE-20 CVE-2021-0278: An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally au An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4 junos:20.1R2-S2 junos:20.1R3 junos:20.2R3-S1 junos:20.3X75-D20

CVE-2021-0277 [HIGH] CWE-125 CVE-2021-0277: An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt and processing of these frames, sent from the local

CVE-2021-0285 [HIGH] CWE-770 CVE-2021-0285: An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series an An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading to an unstable control connection between the Multi-Chassis Link Aggregatio

CVE-2021-0280 [HIGH] CWE-665 CVE-2021-0280: Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QF Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This

CVE-2021-0283 [HIGH] CWE-120 CVE-2021-0283: A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut do

CVE-2021-0281 [HIGH] CWE-754 CVE-2021-0281: On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustain

CVE-2021-0282 [HIGH] CWE-754 CVE-2021-0282: On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specif On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create a sustained Denial of Service (DoS) condition. This BGP UPDATE message can p

CVE-2021-0295 [MEDIUM] CWE-697 CVE-2021-0295: A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS). The issue is caused by DVMRP packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configure

CVE-2021-0288 [MEDIUM] CWE-754 CVE-2021-0288: A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition. Continued receipt of this packet will sustain the Denial of Service (DoS) condition. This issue only aff

CVE-2021-0293 [MEDIUM] CWE-401 CVE-2021-0293: A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lif A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is executed. The amount of memory leaked on each execution depends on the number of TCP connections from and to the system. Repeated execution will cause more mem

CVE-2021-0294 [MEDIUM] CWE-474 CVE-2021-0294: A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a func A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if "storm-control enhanced" is configured, can lead to the enhanced storm control filter group not be installed. It will cause storm control not to work h

CVE-2021-0291 [MEDIUM] CWE-497 CVE-2021-0291: An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (

CVE-2021-0287 [MEDIUM] CWE-754 CVE-2021-0287: In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evol In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued link f

CVE-2021-0289 [MEDIUM] CWE-367 CVE-2021-0289: When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) inte When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this pa

CVE-2021-0290 [MEDIUM] CWE-755 CVE-2021-0290: Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networ Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment, causing the interface to go into a down state, resulting in a Denial of Service (DoS) condition. The interface does not recover on its own and the FPC must

CVE-2021-0254 [CRITICAL] CWE-131 CVE-2021-0254: A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allo A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the

CVE-2021-0249 [CRITICAL] CWE-120 CVE-2021-0249: On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet For On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device. This issue affects: Juniper