Juniper Networks Junos OS vulnerabilities

652 known vulnerabilities affecting juniper_networks/junos_os.

Total CVEs: 652
CISA KEV: 7 (actively exploited)
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 348, MEDIUM 270

Vulnerabilities

CVE-2019-0069 | MEDIUM | CVSS 5.5 | ≥ 15.1X49, < 15.1X49-D110; ≥ 15.1X53, < 15.1X53-D234; +20 more | 2019-10-09
CVE-2019-0069 [MEDIUM] CWE-319: On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. Th
nvd
CVE-2019-0074 | MEDIUM | CVSS 5.5 | ≥ 15.1F, < 15.1F6-S12; ≥ 16.1R6, < 16.1*; +9 more | 2019-10-09
CVE-2019-0074 [MEDIUM] CWE-22: A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engi
nvd
CVE-2019-0067 | MEDIUM | CVSS 6.5 | ≥ 16.1, < 16.1R6-S2, 16.1R7; ≥ 16.2, < 16.2R2-S10; +1 more | 2019-10-09
CVE-2019-0067 [MEDIUM]: Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versio
nvd
CVE-2019-0053 | HIGH | CVSS 7.8 | v12.3 versions prior to 12.3R12-S13; v12.3X48 versions prior to 12.3X48-D80; +15 more | 2019-07-11
CVE-2019-0053 [HIGH] CWE-121: Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only
nvd
CVE-2019-0049 | HIGH | CVSS 7.5 | v16.1 versions prior to 16.1R7-S3; v16.2 versions prior to 16.2R2-S9; +9 more | 2019-07-11
CVE-2019-0049 [HIGH] CWE-404: On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. Repeated crashes of the RPD process can cause prolonge
nvd
CVE-2019-0052 | HIGH | CVSS 7.5 | v12.3X48 versions prior to 12.3X48-D85 on SRX Series; v15.1X49 versions prior to 15.1X49-D181 and 15.1X49-D190 on SRX Series; +6 more | 2019-07-11
CVE-2019-0052 [HIGH] CWE-404: The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled. Affected releases are Juniper Networ
nvd
CVE-2019-0048 | MEDIUM | CVSS 5.8 | v14.1X53 versions prior to 14.1X53-D51 and 14.1X53-D115 on EX4300 Series; v17.1 versions prior to 17.1R3 on EX4300 Series; +6 more | 2019-07-11
CVE-2019-0048 [MEDIUM] CWE-200: On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewal
nvd
CVE-2019-0046 | MEDIUM | CVSS 6.5 | v16.1 versions above and including 16.1R1 prior to 16.1R7-S5; v17.1 versions prior to 17.1R3; +5 more | 2019-07-11
CVE-2019-0046 [MEDIUM] CWE-400: A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. A reboot of the device is required to restore service
nvd
CVE-2019-0036 | CRITICAL | CVSS 9.8 | v12.1X46; v12.3X48; +16 more | 2019-04-10
CVE-2019-0036 [CRITICAL] CWE-284: When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juni
nvd
CVE-2019-0040 | CRITICAL | CVSS 9.1 | ≥ 15.1, < 15.1F6-S12, 15.1R7-S4; ≥ 15.1X53, < 15.1X53-D236; +6 more | 2019-04-10
CVE-2019-0040 [CRITICAL] CWE-200: On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface (e.g. fxp0) thus disclosing internal addressing and existence of the ma
nvd
CVE-2019-0008 | CRITICAL | CVSS 9.8 | v14.1X53; ≥ 15.1X53, < 15.1X53-D235; +8 more | 2019-04-10
CVE-2019-0008 [CRITICAL] CWE-121: A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS
nvd
CVE-2019-0031 | HIGH | CVSS 7.5 | ≥ 17.4, < 17.4R2; ≥ 18.1, < 18.1R2 | 2019-04-10
CVE-2019-0031 [HIGH] CWE-400: Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condi
nvd
CVE-2019-0033 | HIGH | CVSS 7.5 | ≥ 12.1X46-D25, < 12.1X46*; ≥ 12.3X48, < 12.3X48-D50; +1 more | 2019-04-10
CVE-2019-0033 [HIGH] CWE-400: A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X
nvd
CVE-2019-0039 | HIGH | CVSS 8.1 | ≥ 14.1X53, < 14.1X53-D49; ≥ 15.1, < 15.1F6-S12, 15.1R7-S3; +13 more | 2019-04-10
CVE-2019-0039 [HIGH] CWE-307: If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute forc
nvd
CVE-2019-0041 | HIGH | CVSS 8.6 | ≥ 18.2, < 18.2R1-S2, 18.2R2 | 2019-04-10
CVE-2019-0041 [HIGH] CWE-284: On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices.
nvd
CVE-2019-0037 | HIGH | CVSS 7.5 | ≥ 15.1, < 15.1F6-S12, 15.1R7-S3; ≥ 15.1X49, < 15.1X49-D171, 15.1X49-D180; +11 more | 2019-04-10
CVE-2019-0037 [HIGH]: In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clie
nvd
CVE-2019-0043 | HIGH | CVSS 7.5 | ≥ 12.1X46, < 12.1X46-D77; ≥ 12.3X48, < 12.3X48-D75; +20 more | 2019-04-10
CVE-2019-0043 [HIGH] CWE-404: In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affec
nvd
CVE-2019-0019 | HIGH | CVSS 7.5 | ≥ 16.1, < 16.1R7-S4, 16.1R7-S5; ≥ 16.2, < 16.2R2-S9, 16.2R3; +9 more | 2019-04-10
CVE-2019-0019 [HIGH] CWE-404: When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9,
nvd
CVE-2019-0028 | HIGH | CVSS 7.5 | ≥ 16.1, < 16.1R7; ≥ 16.1X65, < 16.1X65-D48; +7 more | 2019-04-10
CVE-2019-0028 [HIGH] CWE-404: On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly c
nvd
CVE-2019-0044 | HIGH | CVSS 7.5 | ≥ 12.1X46, < 12.1X46-D82; ≥ 12.3X48, < 12.3X48-D80; +1 more | 2019-04-10
CVE-2019-0044 [HIGH] CWE-404: Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X4
nvd