Juniper Networks Junos OS Evolved vulnerabilities
244 known vulnerabilities affecting juniper_networks/junos_os_evolved.
Total CVEs: 244
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 146, MEDIUM 96
Vulnerabilities
Page 10 of 13
CVE-2022-22233 | MEDIUM | CVSS 5.5 | ≥ 21.4-EVO, < 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; ≥ 22.1-EVO, < 22.1R2-EVO | 2022-10-18
CVE-2022-22233 [MEDIUM] CWE-690 CVE-2022-22233: An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd)
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segm
Sources: cvelistv5, nvd
CVE-2022-22212 | HIGH | CVSS 7.5 | ≥ 21.2, < 21.2R3-EVO; ≥ 21.3, < 21.3R2-EVO | 2022-07-20
CVE-2022-22212 [HIGH] CWE-770 CVE-2022-22212: An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engin
An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). On all Junos Evolved platforms hostbound protocols will be impacted by a high rate of specific hostbound traffic from ports on
Sources: cvelistv5, nvd
CVE-2022-22214 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 20.4R3-S3-EVO; ≥ 21.2, < 21.2R3-EVO; +2 more | 2022-07-20
CVE-2022-22214 [MEDIUM] CWE-20 CVE-2022-22214: An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a
Sources: cvelistv5, nvd
CVE-2022-22213 | MEDIUM | CVSS 5.9 | ≥ 21.1, < 21.1R3-S1-EVO; ≥ 21.2R1-EVO, < 21.2*; +2 more | 2022-07-20
CVE-2022-22213 [MEDIUM] CWE-232 CVE-2022-22213: A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juni
A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and
Sources: cvelistv5, nvd
CVE-2022-22215 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 20.4R3-EVO; ≥ 21.1, < 21.1R3-S1-EVO; +1 more | 2022-07-20
CVE-2022-22215 [MEDIUM] CWE-772 CVE-2022-22215: A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in pluggable au
A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in pluggable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective/v
Sources: cvelistv5, nvd
CVE-2022-22195 | HIGH | CVSS 7.5 | ≥ unspecified, < 20.4R3-S1-EVO; ≥ 21.1, < 21.1R3-EVO; +2 more | 2022-04-14
CVE-2022-22195 [HIGH] CWE-911 CVE-2022-22195: An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolv
An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EV
Sources: cvelistv5, nvd
CVE-2022-22197 | HIGH | CVSS 7.5 | ≥ unspecified, < 20.1R3-EVO; ≥ 20.2, < 20.2R3-EVO; +1 more | 2022-04-14
CVE-2022-22197 [HIGH] CWE-672 CVE-2022-22197: An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon
An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and cert
Sources: cvelistv5, nvd
CVE-2022-22183 | HIGH | CVSS 7.5 | ≥ 20.4, < 20.4R3-S2-EVO; ≥ 21.1, < 21.1R3-S1-EVO; +3 more | 2022-04-14
CVE-2022-22183 [HIGH] CWE-16 CVE-2022-22183: An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based
An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) c
Sources: cvelistv5, nvd
CVE-2022-22194 | HIGH | CVSS 7.5 | ≥ unspecified, < 20.4R2-S3-EVO, 20.4R3-EVO | 2022-04-14
CVE-2022-22194 [HIGH] CWE-754 CVE-2022-22194: An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juni
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This i
Sources: cvelistv5, nvd
CVE-2022-22193 | MEDIUM | CVSS 5.5 | ≥ 20.4, < 20.4R3-EVO; ≥ 21.1, < 21.1R3-EVO; +2 more | 2022-04-14
CVE-2022-22193 [MEDIUM] CWE-241 CVE-2022-22193: An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of J
An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding
Sources: cvelistv5, nvd
CVE-2022-22196 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 20.4R3-S3-EVO; ≥ 21.2, < 21.2R2-EVO | 2022-04-14
CVE-2022-22196 [MEDIUM] CWE-754 CVE-2022-22196: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which
Sources: cvelistv5, nvd
CVE-2022-22177 | HIGH | CVSS 7.5 | ≥ unspecified, < 21.2R3-EVO; ≥ 21.3, < 21.3R2-EVO | 2022-01-19
CVE-2022-22177 [HIGH] CWE-755 CVE-2022-22177: A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS
A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP – v1, v2, v3. This issue affects: Juniper Networks Junos OS 12.3 version
Sources: cvelistv5, nvd
CVE-2022-22169 | MEDIUM | CVSS 5.9 | ≥ unspecified, < 21.2R2-EVO | 2022-01-19
CVE-2022-22169 [MEDIUM] CWE-665 CVE-2022-22169: An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Ju
An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causi
Sources: cvelistv5, nvd
CVE-2022-22172 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 20.4R3-S2-EVO; ≥ 21.1R1-EVO, < 21.1*; +1 more | 2022-01-19
CVE-2022-22172 [MEDIUM] CWE-401 CVE-2022-22172: A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued exploitation can lead to memory exhaustion and thereby a Denial of Service (DoS). This issue occurs when spec
Sources: cvelistv5, nvd
CVE-2022-22164 | MEDIUM | CVSS 5.3 | ≥ unspecified, < 20.4R2-S2-EVO; ≥ 21.1R1-EVO, < 21.1*; +1 more | 2022-01-19
CVE-2022-22164 [MEDIUM] CWE-665 CVE-2022-22164: An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit ope
An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can issue the following command to verify whether telnet i
Sources: cvelistv5, nvd
CVE-2021-31353 | HIGH | CVSS 7.5 | ≥ unspecified, < 20.4R2-S3-EVO, 20.4R3-EVO; ≥ 21.1-EVO, < 21.1R2-EVO; +1 more | 2021-10-19
CVE-2021-31353 [HIGH] CWE-755 CVE-2021-31353: An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos
An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Serv
Sources: cvelistv5, nvd
CVE-2021-31383 | HIGH | CVSS 7.5 | ≥ 20.1, < 20.1R3-EVO; ≥ 20.2, < 20.2R3-EVO; +1 more | 2021-10-19
CVE-2021-31383 [HIGH] CWE-121 CVE-2021-31383: In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neig
In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a rem
Sources: cvelistv5, nvd
CVE-2021-31360 | HIGH | CVSS 7.1 | ≥ unspecified, < 20.4R2-S3-EVO; ≥ 21.1R1-EVO, < 21.1* | 2021-10-19
CVE-2021-31360 [HIGH] CWE-20 CVE-2021-31360: An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved
An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a
Sources: cvelistv5, nvd
CVE-2021-31354 | HIGH | CVSS 8.8 | ≥ 20.1R1-EVO, < unspecified; ≥ unspecified, < 21.2R2-EVO | 2021-10-19
CVE-2021-31354 [HIGH] CWE-125 CVE-2021-31354: An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License
An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE). The vulnerability
Sources: cvelistv5, nvd
CVE-2021-31358 | HIGH | CVSS 7.8 | ≥ unspecified, < 20.4R2-S2-EVO; ≥ 21.1, < 21.1R2-EVO; +1 more | 2021-10-19
CVE-2021-31358 [HIGH] CWE-77 CVE-2021-31358: A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved al
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restriction
Sources: cvelistv5, nvd