Juniper Junos vulnerabilities

749 known vulnerabilities affecting juniper/junos.

Total CVEs: 749
CISA KEV: 7 (actively exploited)
Public exploits: 10
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2

Vulnerabilities

Page 8 of 38
CVE-2024-30410 | MEDIUM | CVSS 6.9 | fixed in 20.4 | v20.4 +2 more | 2024-04-12
CWE-696: An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filt
nvd
CVE-2024-30384 | MEDIUM | CVSS 6.8 | fixed in 20.4 | v20.4 +2 more | 2024-04-12
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to b
nvd
CVE-2024-30391 | MEDIUM | CVSS 6.3 | fixed in 20.4 | v20.4 +3 more | 2024-04-12
CWE-306: A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm
nvd
CVE-2024-30389 | MEDIUM | CVSS 6.9 | v21.4 | 2024-04-12
CWE-696: An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets b
nvd
CVE-2024-21610 | MEDIUM | CVSS 5.3 | fixed in 20.4 | v20.4 +8 more | 2024-04-12
CWE-755: An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled CoS scenario with 1000s of interfaces, when specific low privileged commands, received over NETCON
nvd
CVE-2024-30409 | MEDIUM | CVSS 6.9 | v22.1 | 2024-04-12
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service. This issue affects Juniper Networks Junos O
nvd
CVE-2024-21615 | MEDIUM | CVSS 5.1 | fixed in 21.2 | v21.2 +6 more | 2024-04-12
CWE-276: An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privil
nvd
CVE-2024-21619 | HIGH | CVSS 7.5 | fixed in 20.4 | v20.4 +8 more | 2024-01-25
CWE-209: A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which
nvd
CVE-2024-21620 | MEDIUM | CVSS 6.1 | fixed in 20.4 | v20.4 +8 more | 2024-01-25
CWE-79: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific
nvd
CVE-2024-21591 | CRITICAL | CVSS 9.8 | fixed in 20.4 | v20.4 +7 more | 2024-01-12
CWE-787: An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite
nvd
CVE-2024-21616 | HIGH | CVSS 7.5 | v21.2, v21.3 +6 more | 2024-01-12
CWE-1286: An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT
nvd
CVE-2024-21597 | HIGH | CVSS 7.5 | v20.4, v21.2 +4 more | 2024-01-12
CWE-668: An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the devic
nvd
CVE-2024-21606 | HIGH | CVSS 7.5 | fixed in 20.4 | v20.4 +7 more | 2024-01-12
CWE-415: A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be obse
nvd
CVE-2024-21614 | HIGH | CVSS 7.5 | v22.2, v22.3 | 2024-01-12
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a sp
nvd
CVE-2024-21595 | HIGH | CVSS 7.5 | v21.4, v22.1 +4 more | 2024-01-12
CWE-1286: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends a high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and
nvd
CVE-2024-21611 | HIGH | CVSS 7.5 | v21.4, v22.1 +1 more | 2024-01-12
CWE-401: A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a s
nvd
CVE-2024-21601 | MEDIUM | CVSS 5.9 | v21.2, v21.3 +5 more | 2024-01-12
CWE-362: A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On SRX Series devices when two different threads try to simultaneously proc
nvd
CVE-2023-36842 | MEDIUM | CVSS 6.5 | fixed in 20.4 | v20.4 +8 more | 2024-01-12
CWE-703: An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS). On Junos OS devices with forward-snooped-client configured, if an attacker sends a s
nvd
CVE-2024-21617 | MEDIUM | CVSS 6.5 | v21.2, v21.3 +5 more | 2024-01-12
CWE-459: An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause a memory leak. A manual reboot of the system will restore the services.
nvd
CVE-2024-21596 | MEDIUM | CVSS 5.3 | v20.4, v21.2 +8 more | 2024-01-12
CWE-122: A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and re
nvd