Juniper Networks Junos OS vulnerabilities

652 known vulnerabilities affecting juniper_networks/junos_os.

Total CVEs: 652
CISA KEV: 7 (actively exploited)
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 348, MEDIUM 270

Vulnerabilities

Page 22 of 33
CVE-2021-0256 | MEDIUM | CVSS 5.5 | ≥ 17.3, < 17.3R3-S12; ≥ 17.4, < 17.4R3-S4; +7 more | 2021-04-22
CWE-250: A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerabil
nvd
CVE-2021-0263 | MEDIUM | CVSS 5.9 | ≥ 18.2, < 18.2R3-S7; ≥ 18.3, < 18.3R3-S4; +8 more | 2021-04-22
CWE-19: A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition. The Multi-Service Process running on the FPC is responsibl
nvd
CVE-2021-0241 | MEDIUM | CVSS 6.5 | ≥ 17.3, < 17.3R3-S11; ≥ 17.4, < 17.4R3-S4; +11 more | 2021-04-22
CWE-703: On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued re
nvd
CVE-2021-0262 | MEDIUM | CVSS 6.5 | ≥ 19.1R3-S1, < 19.1*; ≥ 20.2, < 20.2R1-S2 | 2021-04-22
CWE-416: Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically adjacent attacker to trigger a Denial of Service (DoS). Contin
nvd
CVE-2021-0214 | MEDIUM | CVSS 6.5 | ≥ 17.3, < 17.3R3-S11; ≥ 17.4, < 17.4R2-S12, 17.4R3-S4; +10 more | 2021-04-22
CWE-20: A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Juniper Networks Junos OS may cause receipt of a malformed packet to crash and restart the PPMD process, leading to network destabilization, service interruption, and a Denial of Service (DoS) condition. Continued receipt and processing of these malformed pack
nvd
CVE-2021-0231 | MEDIUM | CVSS 6.5 | ≥ 19.3, < 19.3R2-S6, 19.3R3-S1; ≥ 19.4, < 19.4R2-S4, 19.4R3; +2 more | 2021-04-22
CWE-22: A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versio
nvd
CVE-2021-0240 | MEDIUM | CVSS 6.5 | ≥ 17.3, < 17.3R3-S12; ≥ 17.4, < 17.4R3-S5; +12 more | 2021-04-22
CWE-703: On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and pro
nvd
CVE-2021-0242 | MEDIUM | CVSS 6.5 | ≥ 17.3, < 17.3R3-S11; ≥ 17.4, < 17.4R2-S13, 17.4R3-S4; +11 more | 2021-04-22
CWE-119: A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving th
nvd
CVE-2021-0273 | MEDIUM | CVSS 5.3 | ≥ 15.1F6, < 15.1*; ≥ 16.1R1, < 16.1*; +12 more | 2021-04-22
CWE-670: An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to ca
nvd
CVE-2021-0270 | MEDIUM | CVSS 5.9 | ≥ 18.1R2, < 18.1* | 2021-04-22
CWE-362: On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC Concentrators (FPCs) may restart. As this is a race co
nvd
CVE-2021-0267 | MEDIUM | CVSS 6.5 | ≥ 19.4, < 19.4R3-S1; ≥ 20.1, < 20.1R2-S1, 20.1R3; +2 more | 2021-04-22
CWE-20: An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. This is typically configured for Broadband Subscriber Sessions. Continued rec
nvd
CVE-2021-0243 | MEDIUM | CVSS 4.7 | ≥ unspecified, < 17.3R3-S10; ≥ 17.4, < 17.4R3-S3; +10 more | 2021-04-22
CWE-241: Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition. When the firewall policer discard action fails on a Layer 2 port, it will allow traffic to pass even though it exceeds set pol
nvd
CVE-2021-0257 | MEDIUM | CVSS 6.5 | ≥ 17.3, < 17.3R3-S10; ≥ 17.4, < 17.4R3-S3; +8 more | 2021-04-22
CWE-400: On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices
nvd
CVE-2021-0236 | MEDIUM | CVSS 6.5 | ≥ 18.4, < 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; ≥ 19.1, < 19.1R2-S2, 19.1R3-S4; +6 more | 2021-04-22
CWE-754: Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of thi
nvd
CVE-2021-0272 | MEDIUM | CVSS 6.5 | ≥ 17.3, < 17.3R3-S9; ≥ 17.4, < 17.4R3-S2; +10 more | 2021-04-22
CWE-401: A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C, QFX10002-72Q devices the device will crash and res
nvd
CVE-2021-0228 | MEDIUM | CVSS 6.5 | ≥ 15.1, < 15.1R7-S9; ≥ 17.3, < 17.3R3-S11; +12 more | 2021-04-22
CWE-754: An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to tri
nvd
CVE-2021-0229 | MEDIUM | CVSS 5.3 | ≥ 16.1R1, < 16.1*; ≥ 17.3, < 17.3R3-S11; +12 more | 2021-04-22
CWE-400: An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. A Juniper Extension Toolkit (JET) application designed with a listening port uses t
nvd
CVE-2021-0211 | CRITICAL | CVSS 10.0 | ≥ 15.1, < 15.1R7-S8; ≥ 17.3, < 17.3R3-S10; +13 more | 2021-01-15
CWE-754: An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Den
nvd
CVE-2021-0204 | HIGH | CVSS 7.8 | ≥ 15.1, < 15.1R7-S8; ≥ 15.1X49, < 15.1X49-D230; +13 more | 2021-01-15
CWE-250: A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp is shipped with setuid permissions enabled and is owned b
nvd
CVE-2021-0207 | HIGH | CVSS 7.5 | ≥ 17.3, < 17.3R3-S7; ≥ 17.4, < 17.4R2-S11, 17.4R3-S3; +8 more | 2021-01-15
CWE-115: An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt from an ingress interface filtering certain specific types of traffic which is then being redirected to an egress interface on a different VLAN. This c
nvd