Juniper Junos vulnerabilities
749 known vulnerabilities affecting juniper/junos.
Total CVEs: 749
CISA KEV: 7 (actively exploited)
Public exploits: 10
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2
Vulnerabilities
Page 6 of 38
CVE-2024-39552 | HIGH | CVSS 8.7 | CWE-755 | fixed in 20.4; v20.4; +8 more | 2024-07-11
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).
When a malformed BGP UPDATE packet is received over an established BGP session, RPD
nvd
CVE-2024-39549 | HIGH | CVSS 8.7 | CWE-401 | ≤ 21.1; v21.2; +7 more | 2024-07-11
A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial
nvd
CVE-2024-39550 | HIGH | CVSS 7.1 | CWE-401 | v21.2; v21.4; +6 more | 2024-07-11
A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events (which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS).
Memory can o
nvd
CVE-2024-39542 | HIGH | CVSS 8.7 | CWE-1286 | v21.4; v22.2 | 2024-07-11
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).
This issue can occur in two scen
nvd
CVE-2024-39528 | MEDIUM | CVSS 6.0 | CWE-416 | fixed in 21.2; v21.2; +5 more | 2024-07-11
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received
nvd
CVE-2024-39536 | MEDIUM | CVSS 6.0 | CWE-401 | fixed in 21.2; v21.4; +4 more | 2024-07-11
A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).
When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens
nvd
CVE-2024-39532 | MEDIUM | CVSS 6.3 | CWE-532 | fixed in 21.2; v21.2; +3 more | 2024-07-11
An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.
When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privile
nvd
CVE-2024-39533 | MEDIUM | CVSS 6.9 | CWE-447 | fixed in 21.2; v21.2; +6 more | 2024-07-11
An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks. If one or more of the following match conditions
ip-source-address
ip-destination-address
arp-type
which are not
nvd
CVE-2024-39539 | MEDIUM | CVSS 6.0 | CWE-401 | fixed in 21.2; v21.2; +6 more | 2024-07-11
A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).
In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.
This issue affects
nvd
CVE-2024-39518 | HIGH | CVSS 8.7 | CWE-122 | v21.2; v21.4; +4 more | 2024-07-10
A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).
When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow m
nvd
CVE-2024-39558 | HIGH | CVSS 7.1 | CWE-252 | fixed in 20.4; v20.4; +6 more | 2024-07-10
An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Re
nvd
CVE-2024-39555 | HIGH | CVSS 8.7 | CWE-755 | fixed in 21.4; v21.4; +5 more | 2024-07-10
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update mess
nvd
CVE-2024-39565 | HIGH | CVSS 7.7 | CWE-643 | fixed in 21.2; v21.2; +6 more | 2024-07-10
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.
While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out o
nvd
CVE-2024-39556 | HIGH | CVSS 7.1 | CWE-121 | fixed in 21.4; v21.4; +6 more | 2024-07-10
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.
By exploiting the 'set security certificates' comma
nvd
CVE-2024-39517 | HIGH | CVSS 7.1 | CWE-754 | fixed in 21.4; v21.4; +6 more | 2024-07-10
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).
In an EVPN/VXLAN scenario, when a high amount of specific Layer 2 packets are processed by the device, it can
nvd
CVE-2024-39560 | HIGH | CVSS 7.1 | CWE-755 | fixed in 20.4; ≥ 21.2, < 21.3; +7 more | 2024-07-10
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).
The kernel memory leak and eventual crash will be
nvd
CVE-2024-39554 | HIGH | CVSS 8.2 | CWE-362 | ≥ 21.1, < 21.2; v21.2; +6 more | 2024-07-10
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash an
nvd
CVE-2024-39514 | HIGH | CVSS 7.1 | CWE-703 | fixed in 20.4; v20.4; +6 more | 2024-07-10
An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of
nvd
CVE-2024-39561 | MEDIUM | CVSS 6.9 | CWE-754 | fixed in 21.2; v21.2; +7 more | 2024-07-10
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an attacker to send TCP packets with SYN/FIN or SYN/RST flags, bypassing the expected blocking of these packets.
A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. Howeve
nvd
CVE-2024-39511 | MEDIUM | CVSS 6.8 | CWE-20 | fixed in 20.4; v20.4; +7 more | 2024-07-10
An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS).
On running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running th
nvd