Juniper Networks Junos Os vulnerabilities

CVE-2021-31371 [MEDIUM] CWE-200 CVE-2021-31371: Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability.

CVE-2021-31375 [MEDIUM] CWE-20 CVE-2021-31375: An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to b

CVE-2021-31369 [MEDIUM] CWE-770 CVE-2021-31369: On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling v On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service (DoS) with a high rate of specific traffic. If a Class of Service (CoS) rule is attached to the service-set and a high rate of sp

CVE-2021-31367 [MEDIUM] CWE-401 CVE-2021-31367: A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine ( A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart al

CVE-2021-31377 [MEDIUM] CWE-732 CVE-2021-31377: An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the file An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon (RPD) to crash and restart, causing a Denial of Service (DoS). Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This is

CVE-2021-31355 [MEDIUM] CWE-79 CVE-2021-31355: A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative act

CVE-2021-31362 [MEDIUM] CWE-693 CVE-2021-31362: A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Ju A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition. Continued receipted of these spoofed PDUs will cre

CVE-2021-31373 [MEDIUM] CWE-20 CVE-2021-31373: A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J- A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active sessio

CVE-2021-31364 [MEDIUM] CWE-362 CVE-2021-31364: An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, res

CVE-2021-31361 [MEDIUM] CWE-754 CVE-2021-31361: An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handlin An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP packets which are being VXLAN encapsulated leading to

CVE-2021-31370 [MEDIUM] CWE-184 CVE-2021-31370: An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper N An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped. This will impact control protocols

CVE-2021-31366 [MEDIUM] CWE-252 CVE-2021-31366: An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Jun An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a crash by sending a specific username. This impacts authentication, authorization, and accounting (AAA) services on the MX devices and leads to a Denia

CVE-2021-31365 [MEDIUM] CWE-400 CVE-2021-31365: An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 an An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2

CVE-2021-0284 [HIGH] CWE-120 CVE-2021-0284: A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut do

CVE-2021-0278 [HIGH] CWE-20 CVE-2021-0278: An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally au An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4 junos:20.1R2-S2 junos:20.1R3 junos:20.2R3-S1 junos:20.3X75-D20

CVE-2021-0277 [HIGH] CWE-125 CVE-2021-0277: An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt and processing of these frames, sent from the local

CVE-2021-0285 [HIGH] CWE-770 CVE-2021-0285: An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series an An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading to an unstable control connection between the Multi-Chassis Link Aggregatio

CVE-2021-0280 [HIGH] CWE-665 CVE-2021-0280: Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QF Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This

CVE-2021-0283 [HIGH] CWE-120 CVE-2021-0283: A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut do

CVE-2021-0281 [HIGH] CWE-754 CVE-2021-0281: On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustain