Juniper Junos vulnerabilities

CVE-2024-21607 [MEDIUM] CWE-447 CVE-2024-21607: An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted in

CVE-2024-21613 [MEDIUM] CWE-401 CVE-2024-21613: A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or

CVE-2024-21599 [MEDIUM] CWE-401 CVE-2024-21599: A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will resul

CVE-2024-21594 [MEDIUM] CWE-122 CVE-2024-21594: A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash.

CVE-2024-21587 [MEDIUM] CWE-755 CVE-2024-21587: An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber manag An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS).

CVE-2024-21585 [MEDIUM] CWE-755 CVE-2024-21585: An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper N An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a De

CVE-2024-21603 [MEDIUM] CWE-754 CVE-2024-21603: An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Netw An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Network Junos OS on MX Series allows a network based attacker with low privileges to cause a denial of service. If a scaled configuration for Source class usage (SCU) / destination class usage (DCU) (more than 10 route classes) is present and the SCU/DCU

CVE-2024-21600 [MEDIUM] CWE-76 CVE-2024-21600: An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding En An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and if the FTI tunnel is down, these will

CVE-2023-44197 [HIGH] CWE-787 CVE-2023-44197: An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an establishe

CVE-2023-44181 [HIGH] CWE-835 CVE-2023-44181: An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Net An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMPv6 packets are present on device. This issue affects J

CVE-2023-44194 [HIGH] CWE-276 CVE-2023-44194: An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticat An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root

CVE-2023-44198 [HIGH] CWE-754 CVE-2023-44198: An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Net An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents t

CVE-2023-44182 [HIGH] CWE-252 CVE-2023-44182: An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators a

CVE-2023-44192 [HIGH] CWE-20 CVE-2023-44192: An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Juno An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS). On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific D

CVE-2023-44191 [HIGH] CWE-770 CVE-2023-44191: An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to d

CVE-2023-44199 [HIGH] CWE-754 CVE-2023-44199: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engi An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can le

CVE-2023-44185 [HIGH] CWE-20 CVE-2023-44185: An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects:

CVE-2023-44193 [MEDIUM] CWE-401 CVE-2023-44193: An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Eng An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CF

CVE-2023-44177 [MEDIUM] CWE-121 CVE-2023-44177: A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All v

CVE-2023-44204 [MEDIUM] CWE-1286 CVE-2023-44204: An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon ( An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. T