Juniper Networks Junos OS Evolved vulnerabilities
244 known vulnerabilities affecting juniper_networks/junos_os_evolved.
Total CVEs: 244
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 146, MEDIUM 96
Vulnerabilities
Page 7 of 13
CVE-2024-21614 | HIGH | CVSS 7.5 | CWE-754 | ≥ 22.2, < 22.2R2-S2-EVO, 22.2R3-EVO | ≥ 22.3, < 22.3R2-EVO, 22.3R3-EVO | 2024-01-12
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a sp
cvelistv5, nvd

CVE-2024-21602 | HIGH | CVSS 7.5 | CWE-476 | ≥ 21.4-EVO, < 21.4R3-S6-EVO | ≥ 22.1-EVO, < 22.1R3-S5-EVO | +2 more | 2024-01-12
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interru
cvelistv5, nvd

CVE-2024-21612 | HIGH | CVSS 7.5 | CWE-228 | fixed in 21.2R3-S7-EVO | ≥ 21.3, < 21.3R3-S5-EVO | +5 more | 2024-01-12
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leadin
cvelistv5, nvd

CVE-2024-21613 | MEDIUM | CVSS 6.5 | CWE-401 | fixed in 21.3R3-S5-EVO | ≥ 21.4, < 21.4R3-EVO | +2 more | 2024-01-12
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or
cvelistv5, nvd

CVE-2024-21596 | MEDIUM | CVSS 5.3 | CWE-122 | fixed in 21.3R3-S5-EVO | ≥ 21.4-EVO, < 21.4R3-S5-EVO | +5 more | 2024-01-12
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and re
cvelistv5, nvd

CVE-2024-21585 | MEDIUM | CVSS 5.9 | CWE-755 | fixed in 21.3R3-S5-EVO | ≥ 21.4, < 21.4R3-S5-EVO | +5 more | 2024-01-12
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a De
cvelistv5, nvd

CVE-2023-44197 | HIGH | CVSS 7.5 | CWE-787 | fixed in 20.4R3-S8-EVO | ≥ 21.1R1-EVO, < 21.1*-EVO | +3 more | 2023-10-13
An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an establishe
cvelistv5, nvd

CVE-2023-44182 | HIGH | CVSS 8.8 | CWE-252 | fixed in 21.4R3-S3-EVO | ≥ 22.1R1-EVO, < 22.1*-EVO | +2 more | 2023-10-13
An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators a
cvelistv5, nvd

CVE-2023-44185 | HIGH | CVSS 7.5 | CWE-20 | fixed in 20.4R3-S6-EVO | ≥ 21.1R1-EVO, < 21.1*-EVO | +6 more | 2023-10-13
An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS) to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.
Continued receipt of this packet will cause a sustained Denial of Service condition.
This issue affects:
cvelistv5, nvd

CVE-2023-44177 | MEDIUM | CVSS 5.5 | CWE-121 | fixed in 20.4R3-S8-EVO | ≥ 21.2, < 21.2R3-S6-EVO | +6 more | 2023-10-13
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS:
* All v
cvelistv5, nvd

CVE-2023-44204 | MEDIUM | CVSS 6.5 | CWE-1286 | ≥ 21.4-EVO, < 21.4R3-S5-EVO | ≥ 22.1-EVO, < 22.1R3-S3-EVO | +4 more | 2023-10-13
An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.
T
cvelistv5, nvd

CVE-2023-44201 | MEDIUM | CVSS 5.5 | CWE-732 | fixed in 20.4R3-S4-EVO | ≥ 21.1-EVO, < 21.1R3-S2-EVO | +3 more | 2023-10-13
An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions.
When a user with the respective permissions commits a configuration change, a specific file is created. That f
cvelistv5, nvd

CVE-2023-44184 | MEDIUM | CVSS 6.5 | CWE-119 | fixed in 21.4R3-S4-EVO | ≥ 22.1, < 22.1R3-S2-EVO | +3 more | 2023-10-13
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane.
T
cvelistv5, nvd

CVE-2023-44195 | MEDIUM | CVSS 5.3 | CWE-923 | fixed in 20.4R3-S8-EVO | ≥ 21.1R1-EVO, < 21.1*-EVO | +7 more | 2023-10-13
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.
If specific packets reach the Routing-Engine (RE) these will be processed no
cvelistv5, nvd

CVE-2023-44175 | HIGH | CVSS 7.5 | CWE-617 | fixed in 22.3R3-EVO | ≥ 22.4-EVO, < 22.4R3-EVO | +1 more | 2023-10-12
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).
Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
Not
cvelistv5, nvd

CVE-2023-44196 | MEDIUM | CVSS 5.4 | CWE-754 | fixed in 20.4R3-S8-EVO | ≥ 21.1R1-EVO, < 21.1*-EVO | +7 more | 2023-10-12
Junos OS Evolved: PTX10003 Series: Packets which are not destined to the router can reach the RE
An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.
When specific transit MPLS
cvelistv5

CVE-2023-36839 | MEDIUM | CVSS 6.5 | CWE-1284 | fixed in 20.4R3-S8-EVO | ≥ 21.1R1-EVO, < 21.1*-EVO | +7 more | 2023-10-12
An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service (DoS).
This issue occurs when specific LLDP packets are received and telemetry
cvelistv5, nvd

CVE-2023-44186 | HIGH | CVSS 7.5 | CWE-755 | fixed in 20.4R3-S8-EVO | ≥ 21.1, < 21.1*-EVO | +7 more | 2023-10-11
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustaine
cvelistv5, nvd

CVE-2023-44190 | MEDIUM | CVSS 5.4 | CWE-346 | fixed in 21.4R3-S5-EVO | ≥ 22.1, < 22.1R3-S4-EVO | +4 more | 2023-10-11
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the rout
cvelistv5, nvd

CVE-2023-44187 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 20.4R3-S7-EVO | ≥ 21.1R1, < 21.1* | +5 more | 2023-10-11
An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.
This issue affects Juniper Networks Junos OS Evolved:
*
cvelistv5, nvd