Juniper Junos vulnerabilities

CVE-2021-0245 [HIGH] CWE-798 CVE-2021-0245: A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device. This issue affects: Juniper Networks Junos OS Junos Fusion Satellite Devices. 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R

CVE-2021-0247 [MEDIUM] CWE-362 CVE-2021-0247: A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerab A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. This issue is detectable by reviewing the PFE firewall rules, as we

CVE-2021-0258 [MEDIUM] CWE-362 CVE-2021-0258: A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management inter A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface of Juniper Networks Junos OS allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS). Continued receipt and processing of these transit packets will create a sustained Denial of Service (DoS) condition. This issue only oc

CVE-2021-0234 [MEDIUM] CWE-665 CVE-2021-0234: Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices wit Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. The DDoS protection (jddosd) daemon allows the device to continue

CVE-2021-0224 [MEDIUM] CWE-770 CVE-2021-0224: A vulnerability in the handling of internal resources necessary to bring up a large number of Layer A vulnerability in the handling of internal resources necessary to bring up a large number of Layer 2 broadband remote access subscriber (BRAS) nodes in Juniper Networks Junos OS can cause the Access Node Control Protocol daemon (ANCPD) to crash and restart, leading to a Denial of Service (DoS) condition. Continued processing of spoofed subscriber node

CVE-2021-0237 [MEDIUM] CVE-2021-0237: On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtu On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processing of this packet will create a sustained Denial of Service (D

CVE-2021-0271 [MEDIUM] CWE-415 CVE-2021-0271: A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Ne A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) conditi

CVE-2021-0238 [MEDIUM] CWE-400 CVE-2021-0238: When a MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Proto When a MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monitor the available disk space: user@device> show system

CVE-2021-0216 [MEDIUM] CVE-2021-0216: A vulnerability in Juniper Networks Junos OS running on the ACX5448 and ACX710 platforms may cause B A vulnerability in Juniper Networks Junos OS running on the ACX5448 and ACX710 platforms may cause BFD sessions to flap when a high rate of transit ARP packets are received. This, in turn, may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. When a high rate of transit ARP packets are exceptioned to the CPU and B

CVE-2021-0256 [MEDIUM] CWE-250 CVE-2021-0256: A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerabil

CVE-2021-0263 [MEDIUM] CWE-19 CVE-2021-0263: A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Netw A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition . The Multi-Service Process running on the FPC is responsibl

CVE-2021-0241 [MEDIUM] CWE-703 CVE-2021-0241: On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juni On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued re

CVE-2021-0262 [MEDIUM] CWE-416 CVE-2021-0262: Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically adjacent attacker to trigger a Denial of Service (DoS). Contin

CVE-2021-0214 [MEDIUM] CWE-20 CVE-2021-0214: A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Junipe A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Juniper Networks Junos OS may cause receipt of a malformed packet to crash and restart the PPMD process, leading to network destabilization, service interruption, and a Denial of Service (DoS) condition. Continued receipt and processing of these malformed pack

CVE-2021-0231 [MEDIUM] CWE-22 CVE-2021-0231: A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticate A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versio

CVE-2021-0240 [MEDIUM] CWE-703 CVE-2021-0240: On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and pro

CVE-2021-0242 [MEDIUM] CWE-119 CVE-2021-0242: A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switche A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving th

CVE-2021-0273 [MEDIUM] CWE-670 CVE-2021-0273: An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Jun An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to ca

CVE-2021-0270 [MEDIUM] CWE-362 CVE-2021-0270: On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free we On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC Concentrators (FPCs) may restart. As this is a race co

CVE-2021-0267 [MEDIUM] CWE-20 CVE-2021-0267: An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Continued rec