cvebase

Juniper Networks Junos Os vulnerabilities

652 known vulnerabilities affecting juniper_networks/junos_os.

Total CVEs: 652
CISA KEV: 7 (actively exploited)
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 348, MEDIUM 270

Vulnerabilities

CVE-2023-22404 | MEDIUM | CVSS 6.5 | CWE-787 | 2023-01-13 | nvd
Versions: ≥ unspecified, < 19.3R3-S7; ≥ 19.4, < 19.4R3-S9; +8 more
An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel will not come up when a peer sends a specifically formatted payload during
CVE-2023-22409 | MEDIUM | CVSS 5.5 | CWE-1284 | 2023-01-13 | nvd
Versions: ≥ unspecified, < 19.4R3-S10; ≥ 20.1R1, < 20.1*; +9 more
An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS). When an inconsistent "deterministic NAT" configuration is present on an SRX, or MX with SPC3 and then a specific CLI command is issued the SPC will crash and
CVE-2023-22410 | MEDIUM | CVSS 6.5 | CWE-401 | 2023-01-13 | nvd
Versions: ≥ unspecified, < 20.2R3-S5; ≥ 20.3R1, < 20.3*
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled. Upon enabling this spe
CVE-2023-22405 | MEDIUM | CVSS 6.5 | CWE-1250 | 2023-01-12 | cvelistv5
Versions: ≥ unspecified, < 20.2R3-S5; ≥ 20.3, < 20.3R3-S5; +6 more
Junos OS: QFX5k Series, EX46xx Series: MAC limiting feature stops working after PFE restart or device reboot. An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (
CVE-2022-22184 | HIGH | CVSS 7.5 | CWE-20 | 2022-12-22 | nvd
Versions: ≥ 22.3, < 22.3R1-S1
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, th
CVE-2022-22241 | CRITICAL | CVSS 9.8 | CWE-20 | 2022-10-18 | nvd
Versions: ≥ unspecified, < 19.1R3-S9; ≥ 19.2, < 19.2R3-S6; +11 more
An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the ability to execute arbitrary commands. This issue affe
CVE-2022-22251 | HIGH | CVSS 7.8 | CWE-257 | 2022-10-18 | nvd
Versions: ≥ 20.2R1, < 20.2*; ≥ 20.3R1, < 20.3*; +2 more
On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos
CVE-2022-22218 | HIGH | CVSS 7.5 | CWE-754 | 2022-10-18 | nvd
Versions: ≥ unspecified, < 19.1R3-S9; ≥ 19.2, < 19.2R3-S6; +9 more
On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot handle an unexpected response from the Certificate Auth
CVE-2022-22236 | HIGH | CVSS 7.5 | CWE-824 | 2022-10-18 | nvd
Versions: ≥ 20.4, < 20.4R3-S4; ≥ 21.1, < 21.1R3-S2; +4 more
An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When specific valid SIP packets are received the PFE will crash and restart. This issue affects Juniper Networks Junos OS
CVE-2022-22223 | HIGH | CVSS 7.5 | CWE-1285 | 2022-10-18 | nvd
Versions: ≥ unspecified, < 15.1R7-S11; ≥ 18.4, < 18.4R2-S10, 18.4R3-S10; +11 more
On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packets to cause multiple interfaces in the LAG to detach
CVE-2022-22235 | HIGH | CVSS 7.5 | CWE-754 | 2022-10-18 | nvd
Versions: ≥ 20.2, < 20.2R3-S5; ≥ 20.3, < 20.3R3-S4; +6 more
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header
CVE-2022-22232 | HIGH | CVSS 7.5 | CWE-476 | 2022-10-18 | nvd
Versions: ≥ 21.4, < 21.4R1-S2, 21.4R2; ≥ 22.1, < 22.1R1-S1, 22.1R2
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series If Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific transit traffic is processed the PFE will cras
CVE-2022-22201 | HIGH | CVSS 7.5 | CWE-1285 | 2022-10-18 | nvd
Versions: ≥ unspecified, < 19.4R2-S6, 19.4R3-S7; ≥ 20.1, < 20.1R3-S3; +6 more
An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). On SRX5000 Series with SPC3, SRX4000 Series, and vSRX, when PowerMode IPsec is configured and a malformed ESP packe
CVE-2022-22246 | HIGH | CVSS 8.8 | CWE-829 | 2022-10-18 | nvd
Versions: ≥ unspecified, < 19.1R3-S9; ≥ 19.2, < 19.2R3-S6; +11 more
A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack requirements, successful exploitation could lead to a complete
CVE-2022-22231 | HIGH | CVSS 7.5 | CWE-690 | 2022-10-18 | nvd
Versions: ≥ 21.4, < 21.4R1-S2, 21.4R2
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system
CVE-2022-22228 | HIGH | CVSS 7.5 | CWE-1287 | 2022-10-18 | nvd
Versions: ≥ 21.1, < 21.1R3-S2; ≥ 21.2, < 21.2R3-S1; +3 more
An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker's packets are destined to any configured IPv6 address on the device. This issue affects: J
CVE-2022-22243 | MEDIUM | CVSS 4.3 | CWE-20 | 2022-10-18 | nvd
Versions: ≥ unspecified, < 19.1R3-S9; ≥ 19.2, < 19.2R3-S6; +11 more
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: al
CVE-2022-22226 | MEDIUM | CVSS 6.5 | CWE-789 | 2022-10-18 | nvd
Versions: ≥ 17.1R1, < 17.1*; ≥ 17.2R1, < 17.2*; +13 more
In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFE's when they are rece
CVE-2022-22250 | MEDIUM | CVSS 6.5 | CWE-664 | 2022-10-18 | nvd
Versions: ≥ 17.3R1, < unspecified; ≥ 19.2, < 19.2R3-S5; +10 more
An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario, if MAC is learned locally on an access interface but later a request to delete is received indi
CVE-2022-22245 | MEDIUM | CVSS 4.3 | CWE-23 | 2022-10-18 | nvd
Versions: ≥ unspecified, < 19.1R3-S9; ≥ 19.2, < 19.2R3-S6; +11 more
A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the file due to validation checks built into Junos OS. Successful exploitation of this vulnerability