Juniper Junos vulnerabilities

749 known vulnerabilities affecting juniper/junos.

Total CVEs: 749
CISA KEV: 7 (actively exploited)
Public exploits: 10
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2

Vulnerabilities

Page 7 of 38
CVE-2024-21586 | HIGH | CVSS 7.5 | v21.4, v22.1, +3 more | 2024-07-01
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an affected device receives specific valid traffic destined to the device, it will cause the PFE
nvd
CVE-2024-30380 | HIGH | CVSS 7.1 | fixed in 20.4 | v20.4, +8 more | 2024-04-16
CWE-755: An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV. The l2cpd process is responsible for layer 2 control protocols, such as STP, RSTP, MSTP, VSTP,
nvd
CVE-2024-30378 | MEDIUM | CVSS 6.9 | fixed in 20.4 | v20.4, +7 more | 2024-04-16
CWE-416: A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The process crashes and restarts automatically. When speci
nvd
CVE-2024-30382 | HIGH | CVSS 8.7 | fixed in 20.4 | v20.4, +4 more | 2024-04-12
CWE-755: An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). This issue can only be triggered whe
nvd
CVE-2024-21605 | HIGH | CVSS 7.1 | v21.2, v22.1, +4 more | 2024-04-12
CWE-668: An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the devi
nvd
CVE-2024-30392 | HIGH | CVSS 8.7 | fixed in 21.2 | v21.2, +6 more | 2024-04-12
CWE-121: A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will cra
nvd
CVE-2024-30394 | HIGH | CVSS 8.7 | fixed in 21.2 | v21.2, +6 more | 2024-04-12
CWE-121: A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received vi
nvd
CVE-2024-30395 | HIGH | CVSS 8.7 | fixed in 21.2 | v21.2, +7 more | 2024-04-12
CWE-1287: An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed
nvd
CVE-2024-21609 | HIGH | CVSS 7.1 | fixed in 20.4 | v20.4, +8 more | 2024-04-12
CWE-401: A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, rem
nvd
CVE-2024-21598 | HIGH | CVSS 8.7 | v20.4, v21.2, +7 more | 2024-04-12
CWE-1286: An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute
nvd
CVE-2024-30397 | HIGH | CVSS 8.7 | fixed in 20.4 | v20.4, +7 more | 2024-04-12
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and b
nvd
CVE-2024-30387 | HIGH | CVSS 7.1 | fixed in 20.4 | v20.4, +7 more | 2024-04-12
CWE-820: A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads
nvd
CVE-2024-30401 | HIGH | CVSS 8.2 | v21.2, v21.4, +2 more | 2024-04-12
CWE-125: An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface
nvd
CVE-2024-30402 | HIGH | CVSS 8.2 | fixed in 20.4 | v20.4, +7 more | 2024-04-12
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, t
nvd
CVE-2024-30405 | HIGH | CVSS 8.7 | fixed in 21.2 | v21.2, +6 more | 2024-04-12
CWE-131: An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service co
nvd
CVE-2024-21618 | HIGH | CVSS 7.1 | v21.4, v22.1, +4 more | 2024-04-12
CWE-788: An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LL
nvd
CVE-2024-30398 | HIGH | CVSS 8.7 | v21.2, v21.4, +5 more | 2024-04-12
CWE-119: An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on an SRX4600 device, due to an error in internal packet han
nvd
CVE-2024-30388 | HIGH | CVSS 7.1 | v20.4, v21.2, +5 more | 2024-04-12
CWE-653: An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series devic
nvd
CVE-2024-30386 | HIGH | CVSS 7.1 | fixed in 20.4 | v20.4, +7 more | 2024-04-12
CWE-416: A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order o
nvd
CVE-2024-21593 | HIGH | CVSS 7.1 | v21.4, v22.2, +3 more | 2024-04-12
CWE-703: An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE
nvd