Juniper Junos vulnerabilities

CVE-2021-0243 [MEDIUM] CWE-241 CVE-2021-0243: Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition. When the firewall policer discard action fails on a Layer 2 port, it will allow traffic to pass even though it exceeds set pol

CVE-2021-0257 [MEDIUM] CWE-400 CVE-2021-0257: On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concent On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices

CVE-2021-0236 [MEDIUM] CWE-754 CVE-2021-0236: Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Juno Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of thi

CVE-2021-0272 [MEDIUM] CWE-401 CVE-2021-0272: A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexibl A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C, QFX10002-72Q devices the device will crash and res

CVE-2021-0228 [MEDIUM] CWE-754 CVE-2021-0228: An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to tri

CVE-2021-0229 [MEDIUM] CWE-400 CVE-2021-0229: An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) serve An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. A Juniper Extension Toolkit (JET) application designed with a listening port uses t

CVE-2021-0211 [CRITICAL] CWE-754 CVE-2021-0211: An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Ev An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Den

CVE-2021-0204 [HIGH] CWE-250 CVE-2021-0204: A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Jun A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp is shipped with setuid permissions enabled and is owned b

CVE-2021-0207 [HIGH] CWE-115 CVE-2021-0207: An improper interpretation conflict of certain data between certain software components within the J An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt from an ingress interface filtering certain specific types of traffic which is then being redirected to an egress interface on a different VLAN. This c

CVE-2021-0208 [HIGH] CWE-20 CVE-2021-0208: An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper N An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the De

CVE-2021-0203 [HIGH] CWE-794 CVE-2021-0203: On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic

CVE-2021-0217 [HIGH] CWE-119 CVE-2021-0217: A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Ser A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or to c

CVE-2021-0218 [HIGH] CWE-78 CVE-2021-0218: A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. A

CVE-2021-0223 [HIGH] CWE-250 CVE-2021-0223: A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue

CVE-2021-0206 [HIGH] CWE-476 CVE-2021-0206: A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a s A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS).

CVE-2021-0202 [HIGH] CWE-400 CVE-2021-0202: On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentr On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak in the MPC which can cause an out of memory and MPC

CVE-2021-0222 [HIGH] CWE-16 CVE-2021-0222: A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) t A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets, which should be discarded, are instead replicated and sent to the RE. Over time, a Denial of Service (DoS) occurs.

CVE-2021-0205 [MEDIUM] CWE-284 CVE-2021-0205: When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series wit When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. This issue affects only IPv6 prefixes when used as source and destination. This issue affect

CVE-2021-0221 [MEDIUM] CWE-703 CVE-2021-0221: In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be use

CVE-2021-0219 [MEDIUM] CWE-78 CVE-2021-0219: A command injection vulnerability in install package validation subsystem of Juniper Networks Junos A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command 'request system software add validate-on-host' via the CL