Juniper Networks Junos OS vulnerabilities

652 known vulnerabilities affecting juniper_networks/junos_os.

Total CVEs: 652
CISA KEV: 7 (actively exploited)
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 348, MEDIUM 270

Vulnerabilities

Page 26 of 33
CVE-2020-1613 | HIGH | CVSS 7.5 | CWE-710 | v12.3; ≥ 15.1, < 15.1R7-S5; +15 more | 2020-04-08
A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement.
nvd
CVE-2020-1634 | HIGH | CVSS 7.5 | CWE-190 | ≥ 12.3X48-D80, < 12.3X48* | 2020-04-08
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue affects: Juniper Networks Junos OS 12.3X48 version 12.3
nvd
CVE-2020-1619 | MEDIUM | CVSS 6.7 | CWE-20 | ≥ 16.1, < 16.1R7-S6; ≥ 16.2, < 16.2R2-S11; +9 more | 2020-04-08
A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series
nvd
CVE-2020-1625 | MEDIUM | CVSS 6.5 | CWE-400 | ≥ 16.1, < 16.1R7-S6; ≥ 17.1, < 17.1R2-S11, 17.1R3-S1; +11 more | 2020-04-08
The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Usage of
nvd
CVE-2020-1628 | MEDIUM | CVSS 5.3 | CWE-200 | ≥ 14.1X53, < 14.1X53-D53; ≥ 15.1, < 15.1R7-S6; +13 more | 2020-04-08
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue
nvd
CVE-2020-1618 | MEDIUM | CVSS 6.8 | CWE-288 | ≥ 14.1X53, < 14.1X53-D53; ≥ 15.1, < 15.1R7-S4; +9 more | 2020-04-08
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the
nvd
CVE-2020-1629 | MEDIUM | CVSS 5.9 | CWE-366 | ≥ 16.1, < 16.1R7-S6; ≥ 16.2, < 16.2R2-S11; +12 more | 2020-04-08
A race condition vulnerability on Juniper Networks Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 ve
nvd
CVE-2020-1637 | MEDIUM | CVSS 6.5 | CWE-288 | ≥ 12.3X48, < 12.3X48-D100; ≥ 15.1X49, < 15.1X49-D210; +10 more | 2020-04-08
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Wo
nvd
CVE-2020-1630 | MEDIUM | CVSS 5.5 | CWE-264 | ≥ 12.3, < 12.3R12-S14; ≥ 12.3X48, < 12.3X48-D86, 12.3X48-D90; +16 more | 2020-04-08
A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This issue does not affect Junos OS device with single RE
nvd
CVE-2020-1603 | HIGH | CVSS 8.6 | CWE-710 | ≥ 16.1, < 16.1R7-S6; ≥ 16.2, < 16.2R2-S11; +11 more | 2020-01-15
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point an mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak event
nvd
CVE-2020-1608 | HIGH | CVSS 7.5 | ≥ 17.2R2-S6, 17.2R3, < 17.2*; ≥ 17.3R2-S4, 17.3R3-S2, < 17.3*; +8 more | 2020-01-15
Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms. This issue affects MX Serie
nvd
CVE-2020-1606 | HIGH | CVSS 8.1 | CWE-22 | ≥ 12.3, < 12.3R12-S13; ≥ 14.1X53, < 14.1X53-D51; +17 more | 2020-01-15
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-Web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to
nvd
CVE-2020-1602 | HIGH | CVSS 8.8 | CWE-416 | ≥ 15.1, < 15.1R7-S6; ≥ 15.1X49, < 15.1X49-D200; +15 more | 2020-01-15
A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved that is configured in relay mode is vulnerable to an attacker sending crafted IPv4 packets, who may remotely take over the code execution of the JDHCPD process. This issue affects IPv4 JDHCPD services. This issue affects: Juni
nvd
CVE-2020-1605 | HIGH | CVSS 8.8 | CWE-78 | ≥ 15.1, < 15.1R7-S6; ≥ 15.1X49, < 15.1X49-D200; +15 more | 2020-01-15
A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved that is configured in relay mode is vulnerable to an attacker sending crafted IPv4 packets, who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. This issue affects: J
nvd
CVE-2020-1609 | HIGH | CVSS 8.8 | CWE-78 | ≥ 15.1, < 15.1R7-S6; ≥ 15.1X49, < 15.1X49-D200; +15 more | 2020-01-15
A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved that is configured in relay mode is vulnerable to an attacker sending crafted IPv6 packets, who may then arbitrarily execute commands as root on the target device. This issue affects IPv6 JDHCPD services. This issue affects: J
nvd
CVE-2020-1601 | HIGH | CVSS 7.5 | ≥ 15.1, < 15.1F6-S13, 15.1R7-S4; ≥ 16.1, < 16.1R7-S4; +12 more | 2020-01-15
Certain types of malformed Path Computation Element Protocol (PCEP) packets, when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process, allow an attacker to cause the pccd process to crash and generate a core file the
nvd
CVE-2020-1604 | MEDIUM | CVSS 5.3 | CWE-284 | ≥ 14.1X53, < 14.1X53-D12; ≥ 14.1X53, < 14.1X53-D52; +9 more | 2020-01-15
On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). This issue does not affect the Layer 2 firewall filter evaluation nor d
nvd
CVE-2020-1607 | MEDIUM | CVSS 6.1 | CWE-79 | v17.2R2; ≥ 12.3, < 12.3R12-S15; +18 more | 2020-01-15
Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12
nvd
CVE-2020-1600 | MEDIUM | CVSS 6.5 | CWE-400 | ≥ 12.3X48, < 12.3X48-D90; ≥ 15.1X53, < 15.1X53-D238, 15.1X53-D592; +15 more | 2020-01-15
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6.
nvd
CVE-2019-0073 | HIGH | CVSS 7.1 | CWE-732 | ≥ 15.1X49, < 15.1X49-D180; ≥ 17.3, < 17.3R3-S7; +5 more | 2019-10-09
The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior t
nvd