Juniper Networks Junos OS vulnerabilities

652 known vulnerabilities affecting juniper_networks/junos_os.

Total CVEs: 652
CISA KEV: 7 (actively exploited)
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 348, MEDIUM 270

Vulnerabilities

CVE-2021-0246 | HIGH | CVSS 7.3 | ≥ 18.4, < 18.4R2; ≥ 19.1, < 19.1R2; +1 more | 2021-04-22
CVE-2021-0246 [HIGH] CWE-276: On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device sy
nvd
CVE-2021-0275 | HIGH | CVSS 8.8 | ≥ 12.3, < 12.3R12-S15; ≥ 15.1, < 15.1R7-S6; +15 more | 2021-04-22
CVE-2021-0275 [HIGH] CWE-79: A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the user's session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker m
nvd
CVE-2021-0269 | HIGH | CVSS 8.8 | ≥ unspecified, < 17.4R3-S3; ≥ 18.1, < 18.1R3-S12; +9 more | 2021-04-22
CVE-2021-0269 [HIGH] CWE-233: The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded parameters within the HTTP/S session, access and exploit v
nvd
CVE-2021-0230 | HIGH | CVSS 7.5 | ≥ 17.1R3, < 17.1*; ≥ 17.3, < 17.3R3-S11; +11 more | 2021-04-22
CVE-2021-0230 [HIGH] CWE-400: On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The foll
nvd
CVE-2021-0253 | HIGH | CVSS 7.8 | ≥ unspecified, < 18.3R3-S4; ≥ 17.2R1, < 17.2*; +5 more | 2021-04-22
CVE-2021-0253 [HIGH] CWE-77: NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 version 17.2R1 and later versions prior to 18.3R3-S4; 18.4 versions pr
nvd
CVE-2021-0252 | HIGH | CVSS 7.8 | ≥ 18.1R1, < 18.1*; ≥ 18.2, < 18.2R3-S5; +4 more | 2021-04-22
CVE-2021-0252 [HIGH] CWE-77: NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1 and later versions prior to 18.2R3-S5; 18.3 versions prio
nvd
CVE-2021-0259 | HIGH | CVSS 7.4 | ≥ 17.3, < 17.3R3-S11; ≥ 17.4, < 17.4R3-S5; +11 more | 2021-04-22
CVE-2021-0259 [HIGH] CWE-755: Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on a client device on the overlay network sends a high volume
nvd
CVE-2021-0255 | HIGH | CVSS 7.8 | ≥ 15.1X49, < 15.1X49-D240; ≥ 17.3, < 17.3R3-S11; +11 more | 2021-04-22
CVE-2021-0255 [HIGH] CWE-250: A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run ethtraceroute with root pri
nvd
CVE-2021-0251 | HIGH | CVSS 8.6 | ≥ 17.3R1, < 17.3*; ≥ 17.4, < 17.4R2-S9, 17.4R3-S2; +7 more | 2021-04-22
CVE-2021-0251 [HIGH] CWE-476: A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand
nvd
CVE-2021-0233 | HIGH | CVSS 7.5 | ≥ 17.4, < 17.4R3-S2 | 2021-04-22
CVE-2021-0233 [HIGH] CWE-400: A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. Continued receipt of these packets will sustain the Denial of Service (DoS) condition. This issue affects Junip
nvd
CVE-2021-0264 | HIGH | CVSS 7.5 | ≥ 19.3, < 19.3R3-S2; ≥ 19.4, < 19.4R3-S2; +4 more | 2021-04-22
CVE-2021-0264 [HIGH] CWE-703: A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the fi
nvd
CVE-2021-0245 | HIGH | CVSS 7.8 | ≥ 16.1, < 16.1R7-S7; ≥ 17.1, < 17.1R2-S12, 17.1R3-S2; +12 more | 2021-04-22
CVE-2021-0245 [HIGH] CWE-798: A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device. This issue affects: Juniper Networks Junos OS Junos Fusion Satellite Devices. 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R
nvd
CVE-2021-0247 | MEDIUM | CVSS 5.5 | ≥ 14.1X53, < 14.1X53-D53; ≥ 15.1X53, < 15.1X53-D593; +14 more | 2021-04-22
CVE-2021-0247 [MEDIUM] CWE-362: A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. This issue is detectable by reviewing the PFE firewall rules, as we
nvd
CVE-2021-0258 | MEDIUM | CVSS 5.9 | ≥ 17.3, < 17.3R3-S9; ≥ 17.4, < 17.4R2-S11, 17.4R3-S2; +8 more | 2021-04-22
CVE-2021-0258 [MEDIUM] CWE-362: A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface of Juniper Networks Junos OS allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS). Continued receipt and processing of these transit packets will create a sustained Denial of Service (DoS) condition. This issue only oc
nvd
CVE-2021-0234 | MEDIUM | CVSS 5.8 | ≥ 17.3, < 17.3R3-S10; ≥ 17.4, < 17.4R3-S4; +8 more | 2021-04-22
CVE-2021-0234 [MEDIUM] CWE-665: Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. The DDoS protection (jddosd) daemon allows the device to continue
nvd
CVE-2021-0224 | MEDIUM | CVSS 6.5 | ≥ All, < 17.3R3-S12; ≥ 17.4, < 17.4R2-S13; +11 more | 2021-04-22
CVE-2021-0224 [MEDIUM] CWE-770: A vulnerability in the handling of internal resources necessary to bring up a large number of Layer 2 broadband remote access subscriber (BRAS) nodes in Juniper Networks Junos OS can cause the Access Node Control Protocol daemon (ANCPD) to crash and restart, leading to a Denial of Service (DoS) condition. Continued processing of spoofed subscriber node
nvd
CVE-2021-0237 | MEDIUM | CVSS 6.5 | ≥ 15.1, < 15.1R7-S9; ≥ 17.3, < 17.3R3-S11; +11 more | 2021-04-22
CVE-2021-0237 [MEDIUM]: On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processing of this packet will create a sustained Denial of Service (D
nvd
CVE-2021-0271 | MEDIUM | CVSS 6.5 | ≥ 12.3, < 12.3R12-S17; ≥ 15.1, < 15.1R7-S8 | 2021-04-22
CVE-2021-0271 [MEDIUM] CWE-415: A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) conditi
nvd
CVE-2021-0238 | MEDIUM | CVSS 5.5 | ≥ 17.3R1, < 17.3*; ≥ 17.4, < 17.4R3-S5; +12 more | 2021-04-22
CVE-2021-0238 [MEDIUM] CWE-400: When an MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monitor the available disk space: user@device> show system
nvd
CVE-2021-0216 | MEDIUM | CVSS 6.5 | ≥ 18.2, < 18.2R3-S8; ≥ 18.3, < 18.3R3-S5; +7 more | 2021-04-22
CVE-2021-0216 [MEDIUM]: A vulnerability in Juniper Networks Junos OS running on the ACX5448 and ACX710 platforms may cause BFD sessions to flap when a high rate of transit ARP packets are received. This, in turn, may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. When a high rate of transit ARP packets are exceptioned to the CPU and B
nvd