Juniper Networks Junos OS vulnerabilities
652 known vulnerabilities affecting juniper_networks/junos_os.
Total CVEs: 652
CISA KEV: 7 (actively exploited)
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 348, MEDIUM 270
Vulnerabilities
CVE-2021-0208 | HIGH | CVSS 8.8 | CWE-20 | ≥ unspecified, < 17.3R3-S10; ≥ 17.4, < 17.4R3-S2; +10 more | 2021-01-15
An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the De
nvd
CVE-2021-0203 | HIGH | CVSS 8.6 | CWE-794 | ≥ 15.1, < 15.1R7-S7; ≥ 16.1, < 16.1R7-S8; +12 more | 2021-01-15
On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take effect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic
nvd
CVE-2021-0217 | HIGH | CVSS 7.4 | CWE-119 | ≥ 17.4, < 17.4R3-S3; ≥ 18.1R3-S6, < 18.1*; +9 more | 2021-01-15
A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or to c
nvd
CVE-2021-0218 | HIGH | CVSS 7.8 | CWE-78 | ≥ 17.3, < 17.3R3-S9; ≥ 17.4, < 17.4R2-S12, 17.4R3-S3; +10 more | 2021-01-15
A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. A
nvd
CVE-2021-0223 | HIGH | CVSS 7.8 | CWE-250 | ≥ unspecified, < 15.1R7-S9; ≥ 17.3, < 17.3R3-S11; +11 more | 2021-01-15
A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue
nvd
CVE-2021-0206 | HIGH | CVSS 7.5 | CWE-476 | ≥ 18.3R1, < 18.3*; ≥ 18.4, < 18.4R3-S1; +3 more | 2021-01-15
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS).
nvd
CVE-2021-0202 | HIGH | CVSS 7.5 | CWE-400 | v17.3R3-S8; v17.4R3-S2; +6 more | 2021-01-15
On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak in the MPC which can cause an out of memory and MPC
nvd
CVE-2021-0222 | HIGH | CVSS 7.4 | CWE-16 | ≥ 14.1X53, < 14.1X53-D53; ≥ 15.1, < 15.1R7-S6; +18 more | 2021-01-15
A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets, which should be discarded, are instead replicated and sent to the RE. Over time, a Denial of Service (DoS) occurs.
nvd
CVE-2021-0205 | MEDIUM | CVSS 5.8 | CWE-284 | ≥ 17.3, < 17.3R3-S10; ≥ 17.4, < 17.4R3-S3; +10 more | 2021-01-15
When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. This issue affects only IPv6 prefixes when used as source and destination. This issue affect
nvd
CVE-2021-0221 | MEDIUM | CVSS 6.5 | CWE-703 | ≥ unspecified, < 17.3R3-S10; ≥ 17.4, < 17.4R2-S12, 17.4R3-S3; +10 more | 2021-01-15
In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. The following command could be use
nvd
CVE-2021-0219 | MEDIUM | CVSS 6.7 | CWE-78 | ≥ unspecified, < 17.3R3-S10; ≥ 17.4, < 17.4R2-S12, 17.4R3-S3; +11 more | 2021-01-15
A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command 'request system software add validate-on-host' via the CL
nvd
CVE-2021-0210 | MEDIUM | CVSS 6.8 | CWE-200 | ≥ 12.3, < 12.3R12-S17; ≥ 17.3, < 17.3R3-S10; +11 more | 2021-01-15
An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated user's session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions
nvd
CVE-2021-0215 | MEDIUM | CVSS 6.5 | CWE-400 | ≥ 14.1X53, < 14.1X53-D54; ≥ 15.1X49, < 15.1X49-D240; +13 more | 2021-01-15
On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An administrator can use the following CLI command to monitor the s
nvd
CVE-2020-1660 | CRITICAL | CVSS 9.9 | CWE-362 | ≥ 17.3, < 17.3R3-S8; ≥ 18.3, < 18.3R3-S1; +4 more | 2020-10-16
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is r
nvd
CVE-2020-1667 | HIGH | CVSS 8.3 | CWE-362 | ≥ 17.3, < 17.3R3-S8; ≥ 18.3, < 18.3R3-S1; +4 more | 2020-10-16
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing "URL Filtering ser
nvd
CVE-2020-1664 | HIGH | CVSS 7.8 | CWE-121 | ≥ 17.3, < 17.3R3-S9; ≥ 17.4, < 17.4R2-S12, 17.4R3-S3; +11 more | 2020-10-16
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to
nvd
CVE-2020-1662 | HIGH | CVSS 7.5 | CWE-20 | v17.2R3-S3; ≥ 17.3R3-S3, < 17.3*; +11 more | 2020-10-16
On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appea
nvd
CVE-2020-1656 | HIGH | CVSS 8.8 | CWE-20 | ≥ 12.3, < 12.3R12-S15; ≥ 12.3X48, < 12.3X48-D95; +19 more | 2020-10-16
The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHCPv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on t
nvd
CVE-2020-1672 | HIGH | CVSS 7.5 | CWE-20 | ≥ 17.3, < 17.3R3-S9; ≥ 17.4, < 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; +10 more | 2020-10-16
On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only D
nvd
CVE-2020-1683 | HIGH | CVSS 7.5 | CWE-401 | v17.4R3; ≥ 18.1R3-S5, < 18.1*; +8 more | 2020-10-16
On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is memory leak cau
nvd