Juniper Junos vulnerabilities
749 known vulnerabilities affecting juniper/junos.
Total CVEs: 749
CISA KEV: 7 (actively exploited)
Public exploits: 13
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2
Vulnerabilities
Page 29 of 38
CVE-2019-0002 | CRITICAL | CVSS 9.8 | CWE-794 | v15.1x53, v18.1, +1 more | 2019-01-15
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group. Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions
nvd
CVE-2019-0007 | CRITICAL | CVSS 10.0 | CWE-330 | v15.1 | 2019-01-15
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Ju
nvd
CVE-2019-0006 | CRITICAL | CVSS 9.8 | CWE-908 | v14.1x53, v15.1, +1 more | 2019-01-15
A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when th
nvd
CVE-2019-0013 | HIGH | CVSS 7.5 | CWE-19 | v12.1x46, v12.3x48, +9 more | 2019-01-15
The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue only affects IPv4 PIM. IPv6 PIM is unaffected by this vulnerability. Affected releases are Juniper Networks Ju
nvd
CVE-2019-0014 | HIGH | CVSS 7.5 | CWE-19 | v17.2x75, v17.4, +1 more | 2019-01-15
On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet pr
nvd
CVE-2019-0012 | HIGH | CVSS 7.5 | v12.1x46, v12.3, +12 more | 2019-01-15
A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured wi
nvd
CVE-2019-0001 | HIGH | CVSS 7.5 | CWE-674 | v16.1, v16.2, +5 more | 2019-01-15
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the devi
nvd
CVE-2019-0010 | HIGH | CVSS 7.5 | CWE-770 | v12.1x46, v12.3x48, +1 more | 2019-01-15
An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which can be identified through the following log messages: al
nvd
CVE-2019-0011 | MEDIUM | CVSS 6.5 | v17.2, v17.3, +3 more | 2019-01-15
The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versio
nvd
CVE-2019-0015 | MEDIUM | CVSS 5.4 | CWE-613 | v12.3x48, v15.1x49, +4 more | 2019-01-15
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successfu
nvd
CVE-2019-0003 | MEDIUM | CVSS 5.9 | CWE-617 | v12.1x46, v12.3, +5 more | 2019-01-15
When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versi
nvd
CVE-2019-0005 | MEDIUM | CVSS 5.3 | CWE-770 | v14.1x53, v15.1, +7 more | 2019-01-15
On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series:
nvd
CVE-2019-0009 | MEDIUM | CVSS 5.5 | v15.1x53, v18.1, +1 more | 2019-01-15
On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC members. This issue does not affect other Junos platforms. Affected releases are Junos OS on EX2300 and EX3400 series:
nvd
CVE-2018-0057 | CRITICAL | CVSS 9.6 | v15.1, v16.1, +6 more | 2018-10-10
On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured und
nvd
CVE-2018-0052 | HIGH | CVSS 8.1 | CWE-287 | v12.1x46, v12.3, +13 more | 2018-10-10
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disa
nvd
CVE-2018-0049 | HIGH | CVSS 7.5 | CWE-476 | v12.1x46, v12.3x48, +15 more | 2018-10-10
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue requires it to be received on an interface configured to receive this type of traffic. Affected
nvd
CVE-2018-0062 | HIGH | CVSS 7.5 | CWE-20 | v12.1x46, v12.3, +9 more | 2018-10-10
A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users from authenticating or performing J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior
nvd
CVE-2018-0048 | HIGH | CVSS 7.5 | CWE-400 | v17.2, v17.2x75, +3 more | 2018-10-10
A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue only affects devices with JET support running Junos OS 17
nvd
CVE-2018-0058 | HIGH | CVSS 7.5 | CWE-20 | v15.1, v16.1, +7 more | 2018-10-10
Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route processing on MX Series subscriber management platforms, introduced by the Tomcat (Next Generation Subscriber Management) functionality in Junos OS
nvd
CVE-2018-0045 | HIGH | CVSS 8.8 | CWE-20 | v12.1x46, v12.3, +11 more | 2018-10-10
Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a prolonged denial of service. This issue may occur when th
nvd