Juniper Junos vulnerabilities

CVE-2019-0049 [HIGH] CWE-404 CVE-2019-0049: On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mecha On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. Repeated crashes of the RPD process can cause prolonge

CVE-2019-0052 [HIGH] CWE-404 CVE-2019-0052: The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specifi The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled. Affected releases are Juniper Networ

CVE-2019-0048 [MEDIUM] CWE-200 CVE-2019-0048: On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an impl On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewal

CVE-2019-0046 [MEDIUM] CWE-400 CVE-2019-0046: A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allow A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. A reboot of the device is required to restore service

CVE-2019-11358 [MEDIUM] CWE-1321 CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(t jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVE-2019-0036 [CRITICAL] CWE-284 CVE-2019-0036: When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juni

CVE-2019-0040 [CRITICAL] CWE-200 CVE-2019-0040: On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). Ex On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface (e.g. fxp0) thus disclosing internal addressing and existence of the ma

CVE-2019-0008 [CRITICAL] CWE-121 CVE-2019-0008: A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS

CVE-2019-0031 [HIGH] CWE-400 CVE-2019-0031: Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption is Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condi

CVE-2019-0033 [HIGH] CWE-400 CVE-2019-0033: A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an atta A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X

CVE-2019-0039 [HIGH] CWE-307 CVE-2019-0039: If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The hi If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute forc

CVE-2019-0041 [HIGH] CWE-284 CVE-2019-0041: On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the cont On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices.

CVE-2019-0037 [HIGH] CVE-2019-0037: In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clie

CVE-2019-0043 [HIGH] CWE-404 CVE-2019-0043: In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affec

CVE-2019-0019 [HIGH] CWE-404 CVE-2019-0019: When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon ( When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9,

CVE-2019-0028 [HIGH] CWE-404 CVE-2019-0028: On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mecha On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly c

CVE-2019-0044 [HIGH] CWE-404 CVE-2019-0044: Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to cr Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X4

CVE-2019-0038 [MEDIUM] CWE-400 CVE-2019-0038: Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Juno

CVE-2019-0035 [MEDIUM] CWE-501 CVE-2019-0035: When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expect When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access

CVE-2017-3145 [HIGH] CWE-416 CVE-2017-3145: BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in s BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.