Juniper Junos vulnerabilities
749 known vulnerabilities affecting juniper/junos.
Total CVEs: 749
CISA KEV: 7 (actively exploited)
Public exploits: 13
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2
Vulnerabilities
Page 27 of 38
CVE-2019-0075 | HIGH | CVSS 7.5 | v12.3x48, v15.1x49, +5 more | 2019-10-09
A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service condition. Affected releases are Juniper Networks Junos OS on SRX Series: 12.3X48 versions
nvd
CVE-2019-0065 | HIGH | CVSS 7.5 | v16.1, v16.2, +8 more | 2019-10-09
On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending a crafted SIP packet, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on MX Series: 16.1 versions prior
nvd
CVE-2019-0054 | HIGH | CVSS 7.4 | CWE-295 | v15.1x49 | 2019-10-09
An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to
nvd
CVE-2019-0063 | HIGH | CVSS 7.5 | v15.1, v16.1, +11 more | 2019-10-09
When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface. The daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly cras
nvd
CVE-2019-0058 | HIGH | CVSS 7.8 | v12.3x48 | 2019-10-09
A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allowing an attacker to fully compromise the host system. A local authenticated user can elevate privileges to gain full control of the system even if they are specifically denied access to perform certain actions. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3
nvd
CVE-2019-0055 | HIGH | CVSS 7.5 | CWE-130 | v12.3x48, v15.1x49, +2 more | 2019-10-09
A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP pa
nvd
CVE-2019-0071 | HIGH | CVSS 7.8 | CWE-347 | v18.1, v18.3 | 2019-10-09
Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence disabling file integrity checking. This may allow a locally authenticated user wi
nvd
CVE-2019-0060 | HIGH | CVSS 7.5 | CWE-755 | v15.1x49, v18.2, +1 more | 2019-10-09
The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSe
nvd
CVE-2019-0066 | HIGH | CVSS 7.5 | CWE-394 | v15.1, v15.1x49, +6 more | 2019-10-09
An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted an
nvd
CVE-2019-0056 | HIGH | CVSS 7.5 | CWE-410 | v18.1, v18.1x75, +4 more | 2019-10-09
This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a re
nvd
CVE-2019-0051 | HIGH | CVSS 7.5 | CWE-755 | v12.3x48, v15.1x49, +7 more | 2019-10-09
SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious se
nvd
CVE-2019-0070 | HIGH | CVSS 8.8 | CWE-20 | ≤ 18.1, v18.2 | 2019-10-09
An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Junipe
nvd
CVE-2019-0061 | HIGH | CVSS 7.8 | CWE-657 | v15.1x49, v15.1x53, +9 more | 2019-10-09
The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vuln
nvd
CVE-2019-0059 | HIGH | CVSS 7.5 | CWE-400 | v18.1, v18.1x75 | 2019-10-09
A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all ver
nvd
CVE-2019-0047 | HIGH | CVSS 8.8 | CWE-79 | v12.1x46, v12.3, +15 more | 2019-10-09
A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue affects: Juniper Networks Junos OS 12.1X46 versions prio
nvd
CVE-2019-0062 | HIGH | CVSS 8.8 | CWE-384 | v12.3, v12.3x48, +15 more | 2019-10-09
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrator's web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D8
nvd
CVE-2019-0069 | MEDIUM | CVSS 5.5 | CWE-319 | v15.1x49, v15.1x53, +11 more | 2019-10-09
On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. Th
nvd
CVE-2019-0074 | MEDIUM | CVSS 5.5 | CWE-22 | v15.1, v16.1, +9 more | 2019-10-09
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engi
nvd
CVE-2019-0067 | MEDIUM | CVSS 6.5 | v16.1, v16.2, +1 more | 2019-10-09
Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versio
nvd
CVE-2019-0053 | HIGH | CVSS 7.8 | CWE-121 | v12.3, v12.3r12, +16 more | 2019-07-11
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only
nvd