Juniper Junos OS Evolved vulnerabilities
231 known vulnerabilities affecting juniper/junos_os_evolved.
Total CVEs: 231
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 132, MEDIUM 97
Vulnerabilities
Page 6 of 12
CVE-2024-30402 | HIGH | CVSS 8.2 | CWE-754 | fixed in 21.4 | v21.4 +5 more | 2024-04-12
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, t
nvd
CVE-2024-21618 | HIGH | CVSS 7.1 | CWE-788 | v21.4, v22.1 +4 more | 2024-04-12
An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LL
nvd
CVE-2024-30386 | HIGH | CVSS 7.1 | CWE-416 | fixed in 20.4 | v20.4 +7 more | 2024-04-12
A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).
In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order o
nvd
CVE-2024-30403 | HIGH | CVSS 7.1 | CWE-476 | v23.2 | 2024-04-12
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit
nvd
CVE-2024-30390 | MEDIUM | CVSS 6.9 | CWE-307 | fixed in 21.4 | v21.4 +3 more | 2024-04-12
An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane.
When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn't co
nvd
CVE-2024-30406 | MEDIUM | CVSS 6.7 | CWE-313 | v23.1, v23.2 | 2024-04-12
A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users' login credentials.
This issue affects only Juniper Networks Junos OS Evolve
nvd
CVE-2024-30409 | MEDIUM | CVSS 6.9 | CWE-754 | v22.1 | 2024-04-12
An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service.
This issue affects Juniper Networks Junos O
nvd
CVE-2024-21615 | MEDIUM | CVSS 5.1 | CWE-276 | fixed in 21.2 | v21.2 +7 more | 2024-04-12
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.
On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privil
nvd
CVE-2024-21604 | HIGH | CVSS 7.5 | CWE-770 | v21.2, v21.4 +4 more | 2024-01-12
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other c
nvd
CVE-2024-21614 | HIGH | CVSS 7.5 | CWE-754 | v22.2, v22.3 | 2024-01-12
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a sp
nvd
CVE-2024-21602 | HIGH | CVSS 7.5 | CWE-476 | v21.4, v22.1 +2 more | 2024-01-12
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interru
nvd
CVE-2024-21612 | HIGH | CVSS 7.5 | CWE-228 | fixed in 21.2 | v21.2 +6 more | 2024-01-12
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leadin
nvd
CVE-2024-21611 | HIGH | CVSS 7.5 | CWE-401 | v21.4, v22.1 +1 more | 2024-01-12
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a s
nvd
CVE-2024-21596 | MEDIUM | CVSS 5.3 | CWE-122 | v21.3, v21.4 +6 more | 2024-01-12
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and re
nvd
CVE-2024-21613 | MEDIUM | CVSS 6.5 | CWE-401 | v21.3, v21.4 +2 more | 2024-01-12
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or
nvd
CVE-2024-21585 | MEDIUM | CVSS 5.9 | CWE-755 | v21.3, v21.4 +5 more | 2024-01-12
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a De
nvd
CVE-2023-44197 | HIGH | CVSS 7.5 | CWE-787 | fixed in 20.4 | v20.4 +4 more | 2023-10-13
An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an establishe
nvd
CVE-2023-44182 | HIGH | CVSS 8.8 | CWE-252 | fixed in 21.4 | v21.4 +3 more | 2023-10-13
An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators a
nvd
CVE-2023-44185 | HIGH | CVSS 7.5 | CWE-20 | fixed in 20.4 | v20.4 +7 more | 2023-10-13
An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS) to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.
Continued receipt of this packet will cause a sustained Denial of Service condition.
This issue affects:
nvd
CVE-2023-44177 | MEDIUM | CVSS 5.5 | CWE-121 | fixed in 20.4 | v20.4 +7 more | 2023-10-13
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low-privileged attacker to execute specific CLI commands, leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS:
* All v
nvd