Juniper Junos vulnerabilities
749 known vulnerabilities affecting juniper/junos.
Total CVEs: 749
CISA KEV: 7 (actively exploited)
Public exploits: 10
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2
Vulnerabilities
Page 5 of 38
CVE-2024-47491 | HIGH | CVSS 8.2 | CWE-755 | fixed in 21.4 | v21.4 +4 more | 2024-10-11
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS).
When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts.
nvd
CVE-2024-47494 | HIGH | CVSS 8.2 | CWE-367 | fixed in 21.4 | v21.4 +5 more | 2024-10-11
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an
nvd
CVE-2024-39526 | HIGH | CVSS 7.1 | CWE-755 | fixed in 21.2 | v21.2 +5 more | 2024-10-11
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to s
nvd
CVE-2024-47493 | HIGH | CVSS 7.1 | CWE-401 | fixed in 21.2 | v21.2 +7 more | 2024-10-11
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
In case of channelized Modular Interface Cards (MICs), every physical interface flap
nvd
CVE-2024-47499 | HIGH | CVSS 8.7 | CWE-754 | fixed in 21.2 | v21.2 +6 more | 2024-10-11
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving
nvd
CVE-2024-47504 | HIGH | CVSS 8.7 | CWE-1287 | v22.1, v22.3 +4 more | 2024-10-11
An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart.
nvd
CVE-2024-47501 | MEDIUM | CVSS 6.8 | CWE-476 | fixed in 21.2 | v21.2 +2 more | 2024-10-11
A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).
In a VPLS or Junos Fusion scenario, the execution of specific show commands will ca
nvd
CVE-2024-47507 | MEDIUM | CVSS 6.9 | CWE-754 | fixed in 21.4 | v21.4 +2 more | 2024-10-11
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices.
When a peer sends a BGP update message which contains the aggregator attribute with an
nvd
CVE-2024-39527 | MEDIUM | CVSS 6.8 | CWE-200 | fixed in 21.4 | v21.4 +5 more | 2024-10-11
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of protected files on the file system.
Through the execution of crafted CLI commands, a user with lim
nvd
CVE-2024-47496 | MEDIUM | CVSS 6.8 | CWE-476 | fixed in 21.4 | v21.4 +5 more | 2024-10-11
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).
When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will cre
nvd
CVE-2024-39525 | HIGH | CVSS 8.7 | CWE-755 | fixed in 21.2 | v21.2 +6 more | 2024-10-09
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet wil
nvd
CVE-2024-39516 | HIGH | CVSS 8.7 | CWE-125 | fixed in 21.4 | v21.4 +5 more | 2024-10-09
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create
nvd
CVE-2024-39515 | HIGH | CVSS 8.7 | CWE-1288 | fixed in 21.4 | v21.4 +5 more | 2024-10-09
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing
nvd
CVE-2024-39551 | HIGH | CVSS 8.7 | CWE-400 | v20.4, v21.2 +7 more | 2024-07-11
An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).
Continued receipt and processing of these sp
nvd
CVE-2024-39541 | HIGH | CVSS 7.1 | CWE-755 | v22.4, v23.2 +1 more | 2024-07-11
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then
nvd
CVE-2024-39529 | HIGH | CVSS 8.7 | CWE-134 | fixed in 21.4 | v21.4 +4 more | 2024-07-11
A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and spe
nvd
CVE-2024-39540 | HIGH | CVSS 8.7 | CWE-754 | v21.2 | 2024-07-11
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When an affected device receives specific valid TCP traffic, the pfe crashes and restarts
nvd
CVE-2024-39530 | HIGH | CVSS 8.7 | CWE-754 | v21.4, v21.1 +3 more | 2024-07-11
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, ch
nvd
CVE-2024-39543 | HIGH | CVSS 7.1 | CWE-120 | fixed in 21.2 | v21.2 +6 more | 2024-07-11
A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this pa
nvd
CVE-2024-39545 | HIGH | CVSS 8.7 | CWE-754 | fixed in 21.2 | v21.2 +5 more | 2024-07-11
An Improper Check for Unusual or Exceptional Conditions vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Ser
nvd