Juniper Networks Junos Os vulnerabilities

CVE-2023-28959 [MEDIUM] CWE-703 CVE-2023-28959: An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Junipe An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than the inbound PFE to wedge and to eventually restart, resulting in a Denial

CVE-2023-28975 [MEDIUM] CWE-394 CVE-2023-28975: An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS a An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). When certain USB devices are connected to a USB port of the routing-engine (RE), the kernel will crash leading to a reboot of the device. The devi

CVE-2023-22413 [HIGH] CWE-703 CVE-2023-22413: An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Junipe An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an IPsec6 tunnel, the Multiservices PIC Management Daemon

CVE-2023-22396 [HIGH] CWE-400 CVE-2023-22396: An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of J An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). The system does not recover automatically and mus

CVE-2023-22412 [HIGH] CWE-667 CVE-2023-22412: An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-M An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Servic

CVE-2023-22399 [HIGH] CWE-120 CVE-2023-22399: When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) con

CVE-2023-22415 [HIGH] CWE-787 CVE-2023-22415: An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthe An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued r

CVE-2023-22416 [HIGH] CWE-120 CVE-2023-22416: A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unau A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow processing daemon (flowd) will crash and restart. This issue affects: Juniper Netwo

CVE-2023-22394 [HIGH] CWE-911 CVE-2023-22394: An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper N An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MIC card and all SRX Series platforms where SIP ALG is e

CVE-2023-22401 [HIGH] CWE-129 CVE-2023-22401: An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemo An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is

CVE-2023-22411 [HIGH] CWE-787 CVE-2023-22411: An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message, th

CVE-2023-22391 [HIGH] CWE-755 CVE-2023-22391: A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this

CVE-2023-22417 [HIGH] CWE-401 CVE-2023-22417: A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (fl A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the flowd process will crash a

CVE-2023-22393 [HIGH] CWE-358 CVE-2023-22393: An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Jun An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create

CVE-2023-22403 [HIGH] CWE-770 CVE-2023-22403: An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engi An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the

CVE-2023-22407 [MEDIUM] CWE-459 CVE-2023-22407: An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos O An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs on a directly connected router. This issue affects: Juniper Networks Juno

CVE-2023-22395 [MEDIUM] CWE-401 CVE-2023-22395: A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued

CVE-2023-22398 [MEDIUM] CWE-824 CVE-2023-22398: An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Net An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a su

CVE-2023-22406 [MEDIUM] CWE-401 CVE-2023-22406: A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous incre

CVE-2023-22414 [MEDIUM] CWE-401 CVE-2023-22414: A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN M