Juniper Networks Junos OS vulnerabilities

652 known vulnerabilities affecting juniper_networks/junos_os.

Total CVEs: 652
CISA KEV: 7 (actively exploited)
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 348, MEDIUM 270

Vulnerabilities

Page 9 of 33
CVE-2024-21615 | MEDIUM | CVSS 5.1 | CWE-276 | fixed in 21.2R3-S7; ≥ 21.4, < 21.4R3-S5; +5 more | 2024-04-12
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privil
nvd
CVE-2024-21619 | HIGH | CVSS 7.5 | CWE-209 | fixed in 20.4R3-S9; ≥ 21.2, < 21.2R3-S7; +7 more | 2024-01-25
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which
nvd
CVE-2024-21620 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 20.4R3-S10; ≥ 21.2, < 21.2R3-S8; +7 more | 2024-01-25
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific
nvd
CVE-2024-21591 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 20.4R3-S9; ≥ 21.2, < 21.2R3-S7; +6 more | 2024-01-12
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite
nvd
CVE-2024-21616 | HIGH | CVSS 7.5 | CWE-1286 | fixed in 21.2R3-S6; ≥ 21.3, < 21.3R3-S5; +6 more | 2024-01-12
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT
nvd
CVE-2024-21597 | HIGH | CVSS 7.5 | CWE-668 | fixed in 20.4R3-S9; ≥ 21.2, < 21.2R3-S3; +4 more | 2024-01-12
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the devic
nvd
CVE-2024-21606 | HIGH | CVSS 7.5 | CWE-415 | fixed in 20.4R3-S8; ≥ 21.2, < 21.2R3-S6; +6 more | 2024-01-12
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be obse
nvd
CVE-2024-21614 | HIGH | CVSS 7.5 | CWE-754 | ≥ 22.2, < 22.2R2-S2, 22.2R3; ≥ 22.3, < 22.3R2, 22.3R3 | 2024-01-12
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a sp
nvd
CVE-2024-21595 | HIGH | CVSS 7.5 | CWE-1286 | ≥ 21.4R3, < 21.4R3-S4; ≥ 22.1R3, < 22.1R3-S3; +4 more | 2024-01-12
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and
nvd
CVE-2024-21611 | HIGH | CVSS 7.5 | CWE-401 | ≥ 21.4, < 21.4R3; ≥ 22.1, < 22.1R3; +1 more | 2024-01-12
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a s
nvd
CVE-2024-21601 | MEDIUM | CVSS 5.9 | CWE-362 | ≥ 21.2, < 21.2R3-S5; ≥ 21.3, < 21.3R3-S5; +5 more | 2024-01-12
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On SRX Series devices when two different threads try to simultaneously proc
nvd
CVE-2023-36842 | MEDIUM | CVSS 6.5 | CWE-703 | fixed in 20.4R3-S9; ≥ 21.2, < 21.2R3-S7; +7 more | 2024-01-12
An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS). On Junos OS devices with forward-snooped-client configured, if an attacker sends a s
nvd
CVE-2024-21617 | MEDIUM | CVSS 6.5 | CWE-459 | ≥ 21.2, < 21.2R3-S5; ≥ 21.3, < 21.3R3-S4; +5 more | 2024-01-12
An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.
nvd
CVE-2024-21596 | MEDIUM | CVSS 5.3 | CWE-122 | fixed in 20.4R3-S9; ≥ 21.2, < 21.2R3-S7; +8 more | 2024-01-12
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and re
nvd
CVE-2024-21607 | MEDIUM | CVSS 5.3 | CWE-447 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S11; +6 more | 2024-01-12
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted in
nvd
CVE-2024-21613 | MEDIUM | CVSS 6.5 | CWE-401 | fixed in 21.2R3-S3; ≥ 21.3, < 21.3R3-S5; +3 more | 2024-01-12
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or
nvd
CVE-2024-21599 | MEDIUM | CVSS 6.5 | CWE-401 | fixed in 20.4R3-S3; ≥ 21.1, < 21.1R3-S4; +4 more | 2024-01-12
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will resul
nvd
CVE-2024-21594 | MEDIUM | CVSS 5.5 | CWE-122 | fixed in 20.4R3-S6; ≥ 21.1, < 21.1R3-S5; +6 more | 2024-01-12
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash.
nvd
CVE-2024-21587 | MEDIUM | CVSS 6.5 | CWE-755 | fixed in 20.4R3-S9; ≥ 21.2, < 21.2R3-S7; +7 more | 2024-01-12
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS).
nvd
CVE-2024-21585 | MEDIUM | CVSS 5.9 | CWE-755 | fixed in 20.4R3-S9; ≥ 21.2, < 21.2R3-S7; +7 more | 2024-01-12
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a De
nvd