Juniper Networks Junos OS Evolved vulnerabilities

244 known vulnerabilities affecting juniper_networks/junos_os_evolved.

Total CVEs: 244
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 146, MEDIUM 96

Vulnerabilities

Page 4 of 13
CVE-2024-47505 | HIGH | CVSS 7.1 | ≥ 21.4, < 21.4R2-EVO; ≥ 22.1, < 22.1R2-EVO | 2024-10-11
CVE-2024-47505 [HIGH] CWE-770: An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When specific SNMP GET operations or specific low-privileged CLI commands are executed, a GUID
cvelistv5, nvd
CVE-2024-39526 | HIGH | CVSS 7.1 | ≥ 19.3R1-EVO, < 21.2R3-S8-EVO; ≥ 21.4-EVO, < 21.4R3-S7-EVO; +6 more | 2024-10-11
CVE-2024-39526 [HIGH] CWE-755: An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to s
cvelistv5, nvd
CVE-2024-47499 | HIGH | CVSS 8.7 | fixed in 21.2R3-S8-EVO; ≥ 21.4, < 21.4R3-S8-EVO; +5 more | 2024-10-11
CVE-2024-47499 [HIGH] CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving
cvelistv5, nvd
CVE-2024-47508 | HIGH | CVSS 7.1 | ≥ 21.2, < 21.2R3-S8-EVO; ≥ 21.3, < 21.3R3-EVO; +2 more | 2024-10-11
CVE-2024-47508 [HIGH] CWE-770: Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #2. An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (D
cvelistv5
CVE-2024-47489 | MEDIUM | CVSS 6.9 | fixed in 21.4R3-S8-EVO; ≥ 22.2, < 22.2R3-S4-EVO; +5 more | 2024-10-11
CVE-2024-47489 [MEDIUM] CWE-755: An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices. Receipt of specific transit pr
cvelistv5, nvd
CVE-2024-39544 | MEDIUM | CVSS 5.1 | fixed in 20.4R3-S9-EVO; ≥ 21.2-EVO, < 21.2R3-S7-EVO; +6 more | 2024-10-11
CVE-2024-39544 [MEDIUM] CWE-276: An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files
cvelistv5, nvd
CVE-2024-39534 | MEDIUM | CVSS 5.3 | fixed in 21.4R3-S8-EVO; ≥ 22.2-EVO, < 22.2R3-S4-EVO; +4 more | 2024-10-11
CVE-2024-39534 [MEDIUM] CWE-697: An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow
cvelistv5, nvd
CVE-2024-47507 | MEDIUM | CVSS 6.9 | fixed in 21.4R3-S7-EVO; ≥ 22.2, < 22.2R3-S4-EVO; +1 more | 2024-10-11
CVE-2024-47507 [MEDIUM] CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices. When a peer sends a BGP update message which contains the aggregator attribute with an
cvelistv5, nvd
CVE-2024-39525 | HIGH | CVSS 8.7 | fixed in 21.2R3-S8-EVO; ≥ 21.4-EVO, < 21.4R3-S8-EVO; +5 more | 2024-10-09
CVE-2024-39525 [HIGH] CWE-755: An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet wil
cvelistv5, nvd
CVE-2024-39516 | HIGH | CVSS 8.7 | ≥ 21.4-EVO, < 21.4R3-S9-EVO; ≥ 22.2-EVO, < 22.2R3-S5-EVO; +5 more | 2024-10-09
CVE-2024-39516 [HIGH] CWE-125: An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create
cvelistv5, nvd
CVE-2024-39515 | HIGH | CVSS 8.7 | fixed in 21.4R3-S8-EVO; ≥ 22.2-EVO, < 22.2R3-S5-EVO; +4 more | 2024-10-09
CVE-2024-39515 [HIGH] CWE-1288: An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing
cvelistv5, nvd
CVE-2024-39531 | HIGH | CVSS 8.7 | fixed in 21.4R3-S7-EVO; ≥ 22.1, < 22.1R3-S6-EVO; +5 more | 2024-07-11
CVE-2024-39531 [HIGH] CWE-229: An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same
cvelistv5, nvd
CVE-2024-39538 | HIGH | CVSS 7.1 | fixed in 21.2R3-S8-EVO; ≥ 21.4-EVO, < 21.4R3-S7-EVO; +5 more | 2024-07-11
CVE-2024-39538 [HIGH] CWE-120: A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of th
cvelistv5, nvd
CVE-2024-39521 | HIGH | CVSS 8.5 | ≥ 21.1-EVO, < 21.2R3-S8-EVO; ≥ 21.4-EVO, < 21.4R3-S7-EVO; +3 more | 2024-07-11
CVE-2024-39521 [HIGH] CWE-78: An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which exe
cvelistv5, nvd
CVE-2024-39522 | HIGH | CVSS 8.5 | ≥ 22.3-EVO, < 22.3R2-EVO; ≥ 22.4-EVO, < 22.4R1-S1-EVO, 22.4R2-EVO | 2024-07-11
CVE-2024-39522 [HIGH] CWE-78: An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which exe
cvelistv5, nvd
CVE-2024-39546 | HIGH | CVSS 7.0 | fixed in 21.2R3-S8-EVO; ≥ 21.4, < 21.4R3-S6-EVO; +5 more | 2024-07-11
CVE-2024-39546 [HIGH] CWE-862: A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system. Thi
cvelistv5, nvd
CVE-2024-39541 | HIGH | CVSS 7.1 | ≥ 22.4-EVO, < 22.4R3-S2-EVO; ≥ 23.2-EVO, < 23.2R2-EVO; +1 more | 2024-07-11
CVE-2024-39541 [HIGH] CWE-755: An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then
cvelistv5, nvd
CVE-2024-39542 | HIGH | CVSS 8.7 | fixed in 21.2R3-S8-EVO; ≥ 21.4, < 21.4R2-EVO | 2024-07-11
CVE-2024-39542 [HIGH] CWE-1286: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS). This issue can occur in two scen
cvelistv5, nvd
CVE-2024-39543 | HIGH | CVSS 7.1 | fixed in 21.2R3-S8-EVO; ≥ 21.4, < 21.4R3-S8-EVO; +5 more | 2024-07-11
CVE-2024-39543 [HIGH] CWE-120: A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this pa
cvelistv5, nvd
CVE-2024-39549 | HIGH | CVSS 8.7 | fixed in 22.4R3-S5-EVO; ≥ 23.2-EVO, < 23.2R2-S3-EVO; +2 more | 2024-07-11
CVE-2024-39549 [HIGH] CWE-401: A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial
cvelistv5, nvd