
Juniper Networks Junos OS vulnerabilities

652 known vulnerabilities affecting juniper_networks/junos_os.

Total CVEs: 652
CISA KEV (actively exploited): 7
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 348, MEDIUM 270

Vulnerabilities

Page 12 of 33
CVE-2023-36836 | MEDIUM | CVSS 4.7 | CWE-908 | 2023-07-14
Affected: ≥ 19.4R3-S4, < 19.4*; ≥ 20.1R2, < 20.1*; +9 more
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can
Source: nvd

CVE-2023-36850 | MEDIUM | CVSS 6.5 | CWE-1285 | 2023-07-14
Affected: ≥ unspecified, < 19.1R3-S10; ≥ 19.2, < 19.2R3-S7; +14 more
An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management (CFM) module of Juniper Networks Junos OS on MX Series (except MPC10, MPC11 and LC9600) allows an adjacent attacker on the local broadcast domain to cause a Denial of Service (DoS). Upon receiving a malformed CFM packet, the MPC
Source: nvd

CVE-2023-36834 | MEDIUM | CVSS 6.5 | CWE-372 | 2023-07-14
Affected: ≥ 20.1, < 20.1*; ≥ 20.2, < 20.2R3-S7; +9 more
An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS). If an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines
Source: nvd

CVE-2023-0026 | HIGH | CVSS 7.5 | CWE-20 | 2023-06-21
Affected: ≥ unspecified, < 20.4R3-S8; ≥ 21.1, < 21.1*; +8 more
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, t
Source: nvd

CVE-2023-28962 | CRITICAL | CVSS 9.8 | CWE-287 | 2023-04-17
Affected: ≥ unspecified, < 19.4R3-S11; ≥ 20.1R1, < 20.1*; +10 more
An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions;
Source: nvd

CVE-2023-28976 | HIGH | CVSS 7.5 | CWE-754 | 2023-04-17
Affected: ≥ unspecified, < 19.1R3-S10; ≥ 19.2, < 19.2R3-S7; +9 more
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If specific traffic is received on MX Series and its rate exceeds the respective DDoS protection limit the ingress PF
Source: nvd

CVE-2023-28982 | HIGH | CVSS 7.5 | CWE-401 | 2023-04-17
Affected: ≥ 20.3, < 20.3R3-S2; ≥ 20.4, < 20.4R3-S6; +3 more
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated memory will leak. As rpd memory usa
Source: nvd

CVE-2023-28967 | HIGH | CVSS 7.5 | CWE-908 | 2023-04-17
Affected: ≥ 21.1R1, < 21.1*; ≥ 21.2R1, < 21.2*; +4 more
A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue
Source: nvd

CVE-2023-28964 | HIGH | CVSS 7.5 | CWE-130 | 2023-04-17
Affected: ≥ unspecified, < 18.1R3-S11; ≥ 18.2, < 18.2R3-S6; +9 more
An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service
Source: nvd

CVE-2023-28965 | HIGH | CVSS 7.5 | CWE-703 | 2023-04-17
Affected: ≥ unspecified, < 19.3R3-S7; ≥ 19.4, < 19.4R3-S11; +6 more
An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Storm control monitors the level of applicable
Source: nvd

CVE-2023-28968 | MEDIUM | CVSS 5.3 | CWE-1325 | 2023-04-17
Affected: ≥ unspecified, < 19.1R3-S10; ≥ 19.2, < 19.2R3-S7; +13 more
An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to sen
Source: nvd

CVE-2023-28984 | MEDIUM | CVSS 5.3 | CWE-362 | 2023-04-17
Affected: ≥ unspecified, < 19.4R3-S10; ≥ 20.2, < 20.2R3-S7; +8 more
A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent
Source: nvd

CVE-2023-28980 | MEDIUM | CVSS 5.5 | CWE-416 | 2023-04-17
Affected: ≥ 20.2R3-S5, < 20.2R3-S6; ≥ 20.3R3-S2, < 20.3R3-S5; +6 more
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scena
Source: nvd

CVE-2023-28974 | MEDIUM | CVSS 6.5 | CWE-754 | 2023-04-17
Affected: ≥ unspecified, < 19.4R3-S11; ≥ 20.2, < 20.2R3-S7; +9 more
An Improper Check for Unusual or Exceptional Conditions vulnerability in the bbe-smgd of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In a Broadband Edge / Subscriber Management scenario on MX Series when a specifically malformed ICMP packet addressed to the device is received from a subs
Source: nvd

CVE-2023-28979 | MEDIUM | CVSS 4.7 | CWE-754 | 2023-04-17
Affected: ≥ unspecified, < 19.3R3-S7; ≥ 19.4, < 19.4R3-S9; +9 more
An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop specific malformed IPv6 packets, and then these packets will be forwarded
Source: nvd

CVE-2023-28981 | MEDIUM | CVSS 6.5 | CWE-20 | 2023-04-17
Affected: ≥ 20.3, < 20.3R3-S5; ≥ 20.4, < 20.4R3-S3, 20.4R3-S6; +5 more
An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to
Source: nvd

CVE-2023-28970 | MEDIUM | CVSS 6.5 | CWE-703 | 2023-04-17
Affected: ≥ unspecified, < 21.2R3-S4; ≥ 21.3, < 21.3R3-S4; +5 more
An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). Continued receipt an
Source: nvd

CVE-2023-28963 | MEDIUM | CVSS 5.3 | CWE-287 | 2023-04-17
Affected: ≥ unspecified, < 19.1R3-S10; ≥ 19.2, < 19.2R3-S7; +13 more
An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 vers
Source: nvd

CVE-2023-1697 | MEDIUM | CVSS 6.5 | CWE-230 | 2023-04-17
Affected: ≥ unspecified, < 19.4R3-S10; ≥ 20.1R1, < 20.1*; +9 more
An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a
Source: nvd

CVE-2023-28961 | MEDIUM | CVSS 5.3 | CWE-241 | 2023-04-17
Affected: ≥ unspecified, < 20.2R3-S7; ≥ 20.4, < 20.4R3-S4; +5 more
An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter
Source: nvd