cbcvebase.

Juniper Networks Junos OS vulnerabilities

652 known vulnerabilities affecting juniper_networks/junos_os.

Total CVEs: 652
CISA KEV: 7 (actively exploited)
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 348, MEDIUM 270

Vulnerabilities

Page 16 of 33
CVE-2022-22213 | MEDIUM | CVSS 5.9 | Affected: ≥ 21.1, < 21.1R3-S1; ≥ 21.2, < 21.2R2-S2, 21.2R3; +2 more | 2022-07-20
CVE-2022-22213 [MEDIUM] CWE-232: A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and
nvd
CVE-2022-22215 | MEDIUM | CVSS 5.5 | Affected: ≥ unspecified, < 19.1R3-S8; ≥ 19.2, < 19.2R3-S6; +8 more | 2022-07-20
CVE-2022-22215 [MEDIUM] CWE-772: A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in pluggable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective/v
nvd
CVE-2022-22210 | MEDIUM | CVSS 6.5 | Affected: ≥ 20.3, < 20.3R3-S3; ≥ 20.4, < 20.4R3-S2; +1 more | 2022-07-20
CVE-2022-22210 [MEDIUM] CWE-476: A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). On QFX5K Series and MX Series, when the PFE receives a specific VxLAN packet the Layer 2 Address Learning Manager (L2ALM) process w
nvd
CVE-2022-22203 | MEDIUM | CVSS 6.5 | Affected: ≥ 19.4, < 19.4R3-S5 | 2022-07-20
CVE-2022-22203 [MEDIUM] CWE-697: An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets w
nvd
CVE-2022-22202 | MEDIUM | CVSS 6.5 | Affected: ≥ unspecified, < 19.1R3-S9; ≥ 19.2, < 19.2R3-S6; +11 more | 2022-07-20
CVE-2022-22202 [MEDIUM] CWE-755: An Improper Handling of Exceptional Conditions vulnerability on specific PTX Series devices, including the PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series, in Juniper Networks Junos OS allows an unauthenticated MPLS-based attacker to cause a Denial of Service (DoS) by triggering the dcpfe process to crash and FPC to
nvd
CVE-2022-22217 | MEDIUM | CVSS 6.5 | Affected: ≥ unspecified, < 19.1R3-S9; ≥ 19.2, < 19.2R1-S9, 19.2R3-S5; +9 more | 2022-07-20
CVE-2022-22217 [MEDIUM] CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). The issue is caused by malformed MLD packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. Thes
nvd
CVE-2022-22204 | MEDIUM | CVSS 5.3 | Affected: ≥ 20.4, < 20.4R3-S2; ≥ 21.1, < 21.1R3-S2; +3 more | 2022-07-20
CVE-2022-22204 [MEDIUM] CWE-401: An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On all MX and SRX platforms, if the SIP ALG is enabled, receipt of a specific SIP pa
nvd
CVE-2022-22188 | HIGH | CVSS 7.5 | Affected: ≥ 20.2R1, < 20.2* | 2022-04-14
CVE-2022-22188 [HIGH] CWE-122: An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number
nvd
CVE-2022-22197 | HIGH | CVSS 7.5 | Affected: ≥ unspecified, < 17.3R3-S11; ≥ 17.4, < 17.4R2-S13, 17.4R3-S4; +9 more | 2022-04-14
CVE-2022-22197 [HIGH] CWE-672: An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and cert
nvd
CVE-2022-22198 | HIGH | CVSS 7.5 | Affected: ≥ 20.4, < 20.4R3; ≥ 21.1, < 21.1R2-S1, 21.1R3; +1 more | 2022-04-14
CVE-2022-22198 [HIGH] CWE-824: An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or
nvd
CVE-2022-22185 | HIGH | CVSS 7.5 | Affected: ≥ unspecified, < 18.3R3-S6; ≥ 17.3R1, < 17.3*; +11 more | 2022-04-14
CVE-2022-22185 [HIGH] CWE-754: A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and processing of this specific packet will create a sust
nvd
CVE-2022-22181 | MEDIUM | CVSS 5.4 | Affected: ≥ unspecified, < 18.3R3-S5; ≥ 18.4, < 18.4R3-S9; +9 more | 2022-04-14
CVE-2022-22181 [MEDIUM] CWE-79: A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. This may allow the attacker to gain control of the device or attack other authenticated user sessions
nvd
CVE-2022-22182 | MEDIUM | CVSS 6.1 | Affected: ≥ 12.3, < 12.3R12-S19; ≥ 15.1, < 15.1R7-S10; +12 more | 2022-04-14
CVE-2022-22182 [MEDIUM] CWE-79: A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior t
nvd
CVE-2022-22186 | MEDIUM | CVSS 6.5 | Affected: ≥ unspecified, < 19.1R3-S8; ≥ 19.2, < 19.2R3-S5; +10 more | 2022-04-14
CVE-2022-22186 [MEDIUM] CWE-665: Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and sh
nvd
CVE-2022-22193 | MEDIUM | CVSS 5.5 | Affected: ≥ 20.3, < 20.3R3-S1; ≥ 20.4, < 20.4R3; +2 more | 2022-04-14
CVE-2022-22193 [MEDIUM] CWE-241: An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding
nvd
CVE-2022-22196 | MEDIUM | CVSS 6.5 | Affected: ≥ 19.3, < 19.3R3-S4; ≥ 19.4, < 19.4R2-S6, 19.4R3-S6; +6 more | 2022-04-14
CVE-2022-22196 [MEDIUM] CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which
nvd
CVE-2022-22191 | MEDIUM | CVSS 6.5 | Affected: ≥ unspecified, < 15.1R7-S12; ≥ 18.4, < 18.4R2-S10, 18.4R3-S11; +11 more | 2022-04-14
CVE-2022-22191 [MEDIUM] CWE-410: A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the r
nvd
CVE-2022-22167 | CRITICAL | CVSS 9.8 | Affected: ≥ 18.4, < 18.4R2-S10, 18.4R3-S10; ≥ 19.1, < 19.1R3-S8; +9 more | 2022-01-19
CVE-2022-22167 [CRITICAL] CWE-863: A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. While JDPI correctly classifies out-of-state asymmetric TCP flows as the dyn
nvd
CVE-2022-22157 | CRITICAL | CVSS 9.3 | Affected: ≥ 18.4, < 18.4R2-S9, 18.4R3-S9; ≥ 19.1, < 19.1R2-S3, 19.1R3-S6; +8 more | 2022-01-19
CVE-2022-22157 [CRITICAL] CWE-863: A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifies out-of-state asymmetric TCP flows as the dynamic
nvd
CVE-2022-22159 | HIGH | CVSS 7.5 | Affected: ≥ 17.3R3-S9, < 17.3*; ≥ 17.4R3-S3, < 17.4*; +5 more | 2022-01-19
CVE-2022-22159 [HIGH]: A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when th
nvd