Juniper Junos vulnerabilities

CVE-2018-0029 [MEDIUM] CWE-400 CVE-2018-0029: While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'moni While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerabili

CVE-2018-0031 [MEDIUM] CWE-400 CVE-2018-0031: Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall fil Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high

CVE-2018-0034 [MEDIUM] CWE-20 CVE-2018-0034: A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon. This issue does not affect IPv4 D

CVE-2018-0027 [MEDIUM] CWE-20 CVE-2018-0027: Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to h Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networ

CVE-2018-0020 [HIGH] CWE-20 CVE-2018-0020: Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing proces Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Receipt of a repeated malformed BGP UPDATEs can result in an extended denial of service condition for the device. This malformed BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Juno

CVE-2018-0022 [HIGH] CWE-400 CVE-2018-0022: A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible t A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS packet. Approximately 1 mbuf is leaked per each packet processed. The number of mbufs is platform dependent. The following command provides the number of mbufs that are currently in use and maximum number of

CVE-2018-0016 [HIGH] CVE-2018-0016: Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interf Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. Devices are only vulnerable to the specially crafted CLNP datagram if 'clns-routing' or ES-IS is explicitly configured. Devices with without CLNS enabled are not vulnerable to

CVE-2018-0021 [HIGH] CVE-2018-0021: If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an attacker will discover the secret passphrases configured for

CVE-2018-0017 [MEDIUM] CWE-20 CVE-2018-0017: A vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos A vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition for the SRX device. Affected releases are Juniper Networks Junos OS: 12.1X

CVE-2018-0019 [MEDIUM] CWE-20 CVE-2018-0019: A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based att A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resulting in a denial of service condition (DoS) for the SNMP subsystem. While a mib2d process crash can disrupt the network monitoring via SNMP, it does not impact routing, switching or firewall functionalities.

CVE-2018-0018 [MEDIUM] CWE-200 CVE-2018-0018: On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted pack On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. This issue only applies to devi

CVE-2018-0007 [CRITICAL] CWE-77 CVE-2018-0007: An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the loca An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the de

CVE-2018-0001 [CRITICAL] CWE-416 CVE-2018-0001: A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5;

CVE-2018-0005 [HIGH] CWE-754 CVE-2018-0005: QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forwa QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior

CVE-2018-0009 [MEDIUM] CVE-2018-0009: On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 vers

CVE-2018-0002 [MEDIUM] CWE-119 CVE-2018-0002: On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP respon On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected relea

CVE-2018-0008 [MEDIUM] CWE-287 CVE-2018-0008: An unauthenticated root login may allow upon reboot when a commit script is used. A commit script al An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot wh

CVE-2018-0003 [MEDIUM] CVE-2018-0003: A specially crafted MPLS packet received or processed by the system, on an interface configured with A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 1

CVE-2018-0004 [MEDIUM] CWE-400 CVE-2018-0004: A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running on the system.

CVE-2018-0006 [MEDIUM] CWE-770 CVE-2018-0006: A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to exc