Juniper Networks Junos Os vulnerabilities

CVE-2017-2348 [HIGH] CWE-400 CVE-2017-2348: The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon re The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other Juniper Networks products or platforms are affected by this issue. Affected

CVE-2017-2344 [HIGH] CWE-119 CVE-2017-2344: A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary p

CVE-2017-10602 [HIGH] CWE-119 CVE-2017-10602: A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE),

CVE-2017-10603 [HIGH] CWE-91 CVE-2017-10603: An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate pri An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not a

CVE-2017-2342 [HIGH] CWE-392 CVE-2017-2342: MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into b

CVE-2017-2341 [HIGH] CWE-287 CVE-2017-2341: An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virt An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D40 on QFX5110, QFX5200, QF

CVE-2017-2314 [HIGH] CWE-20 CVE-2017-2314: Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases a

CVE-2017-2347 [HIGH] CWE-20 CVE-2017-2347: A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Repeated crashes of the rpd daemon can result in an extended denial of service condition for the device. The affected releases are Junos OS 12.3X48 prior to 12.3X48-D50, 12.3X48-D55; 13.3 prio

CVE-2017-2349 [HIGH] CWE-77 CVE-2017-2349: A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devi A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X4

CVE-2017-2346 [MEDIUM] CVE-2017-2346: An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Applic An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). Repeated crashes of the Service PC can result in an extended denial of service condition. The issue can be seen only if NAT or stateful-firewall rules are configured with ALGs enabled. This issue was caused by the code change for PR 1

CVE-2017-10604 [MEDIUM] CWE-307 CVE-2017-10604: When the device is configured to perform account lockout with a defined period of time, any unauthen When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operation occurs, then there will be errors associated with sy

CVE-2003-0001 [MEDIUM] CWE-200 CVE-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, whi Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.