Juniper Junos Os vulnerabilities

CVE-2021-0288 [MEDIUM] CWE-754 CVE-2021-0288: A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (M CVE-2021-0288: A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition. Continued receipt of this packet will s

CVE-2021-0281 [MEDIUM] CWE-754 CVE-2021-0281: On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packe CVE-2021-0281: On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Co

CVE-2021-0295 [MEDIUM] CWE-697 CVE-2021-0295: A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacke CVE-2021-0295: A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS). The issue is caused by DVMRP packets looping on a mul

CVE-2021-0290 [MEDIUM] CWE-755 CVE-2021-0290: Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially c CVE-2021-0290: Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment, causing the interface to go into a down state, resulting in a Denial of Service (DoS) condi

CVE-2021-0294 [MEDIUM] CWE-474 CVE-2021-0294: A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Netw CVE-2021-0294: A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if "storm-control enhanced" is configured, can lead to the enhanced storm control filter

CVE-2021-0291 [MEDIUM] CWE-497 CVE-2021-0291: An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being suffi CVE-2021-0291: An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high

CVE-2021-0292 [MEDIUM] CWE-400 CVE-2021-0292: An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS CVE-2021-0292: An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) con

CVE-2021-0287 [MEDIUM] CWE-754 CVE-2021-0287: In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorit CVE-2021-0287: In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash

CVE-2021-0289 [MEDIUM] CWE-367 CVE-2021-0289: When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) CVE-2021-0289: When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allow

CVE-2021-0293 [MEDIUM] CWE-401 CVE-2021-0293: A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI com CVE-2021-0293: A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is executed. The amount of memory leaked on each execution depends on the number of TCP connectio

CVE-2021-0248 [CRITICAL] CWE-798 CVE-2021-0248: This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an a CVE-2021-0248: This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue aff

CVE-2021-0254 [CRITICAL] CWE-131 CVE-2021-0254: A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send speci CVE-2021-0254: A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). C

CVE-2021-0249 [HIGH] CWE-120 CVE-2021-0249: On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS CVE-2021-0249: On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted pa

CVE-2021-0275 [HIGH] CWE-79 CVE-2021-0275: A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining a CVE-2021-0275: A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privi

CVE-2021-0266 [HIGH] CWE-321 CVE-2021-0266: The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any insta CVE-2021-0266: The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prio

CVE-2021-0253 [HIGH] CWE-77 CVE-2021-0253: NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate CVE-2021-0253: NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 versio

CVE-2021-0246 [HIGH] CWE-276 CVE-2021-0246: On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect def CVE-2021-0246: On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one

CVE-2021-0226 [HIGH] CWE-665 CVE-2021-0226: On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Den CVE-2021-0226: On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. T

CVE-2021-0270 [HIGH] CWE-362 CVE-2021-0270: On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) micro CVE-2021-0270: On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flex

CVE-2021-0259 [HIGH] CWE-755 CVE-2021-0259: Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instabi CVE-2021-0259: Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attac