mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-07 11:06:39 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
d54111c754
commit
2ad7f86bf2
@ -43,7 +43,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.\n\nThis issue affects Juniper Networks CTPView:\n7.3 versions prior to 7.3R7;\n9.1 versions prior to 9.1R3."
|
||||
"value": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -47,7 +47,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network.\n\nThis issue affects Juniper Networks Junos OS Evolved:\nAll versions prior to 20.3R2-S1-EVO;\n20.4 versions prior to 20.4R2-EVO;\n21.1 versions prior to 21.1R2-EVO.\n\nJuniper Networks Junos OS is not affected by this issue.\n"
|
||||
"value": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -38,7 +38,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition.\n\nThis issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms.\n\nJunos OS is not affected by this vulnerability.\n"
|
||||
"value": "A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -52,7 +52,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Improper Handling of Exceptional Conditions vulnerability in the processing of a transit or directly received malformed IPv6 packet in Juniper Networks Junos OS results in a kernel crash, causing the device to restart, leading to a Denial of Service (DoS).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects systems with IPv6 configured. Devices with only IPv4 configured are not vulnerable to this issue.\n\nThis issue affects Juniper Networks Junos OS:\n19.4 versions prior to 19.4R3;\n20.1 versions prior to 20.1R2;\n20.2 versions prior to 20.2R1-S1, 20.2R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 19.4R1."
|
||||
"value": "An Improper Handling of Exceptional Conditions vulnerability in the processing of a transit or directly received malformed IPv6 packet in Juniper Networks Junos OS results in a kernel crash, causing the device to restart, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with IPv6 configured. Devices with only IPv4 configured are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -48,7 +48,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code.\n\nThis issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1."
|
||||
"value": "The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -104,7 +104,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system.\n\nThe issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root.\n\nThis issue affects Juniper Networks Junos OS:\n18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S5;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S2;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S2;\n19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3;\n20.1 versions prior to 20.1R2-S2, 20.1R3;\n20.2 versions prior to 20.2R2-S3, 20.2R3;\n20.3 versions prior to 20.3R2-S1, 20.3R3;\n20.4 versions prior to 20.4R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 18.4R1.\n\nJuniper Networks Junos OS Evolved:\nAll versions prior to 20.4R2-EVO;\n21.1-EVO versions prior to 21.1R2-EVO.\n"
|
||||
"value": "An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root. This issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -158,7 +158,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service (DoS).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects specific versions of Juniper Networks Junos OS on MX Series:\n17.3R3-S11;\n17.4R2-S13;\n17.4R3 prior to 17.4R3-S5;\n18.1R3-S12;\n18.2R2-S8, 18.2R3-S7, 18.2R3-S8;\n18.3R3-S4;\n18.4R3-S7;\n19.1R3-S4, 19.1R3-S5;\n19.2R1-S6;\n19.3R3-S2;\n19.4R2-S4, 19.4R2-S5;\n19.4R3-S2;\n20.1R2-S1;\n20.2R2-S2, 20.2R2-S3, 20.2R3;\n20.3R2, 20.3R2-S1;\n20.4R1, 20.4R1-S1, 20.4R2;\n21.1R1;\n\nThis issue does not affect any version of Juniper Networks Junos OS prior to 15.1X49-D240;\n"
|
||||
"value": "An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects specific versions of Juniper Networks Junos OS on MX Series: 17.3R3-S11; 17.4R2-S13; 17.4R3 prior to 17.4R3-S5; 18.1R3-S12; 18.2R2-S8, 18.2R3-S7, 18.2R3-S8; 18.3R3-S4; 18.4R3-S7; 19.1R3-S4, 19.1R3-S5; 19.2R1-S6; 19.3R3-S2; 19.4R2-S4, 19.4R2-S5; 19.4R3-S2; 20.1R2-S1; 20.2R2-S2, 20.2R2-S3, 20.2R3; 20.3R2, 20.3R2-S1; 20.4R1, 20.4R1-S1, 20.4R2; 21.1R1; This issue does not affect any version of Juniper Networks Junos OS prior to 15.1X49-D240;"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -43,7 +43,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information.\n\nThis issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6."
|
||||
"value": "An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -96,7 +96,7 @@
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A hotfix has been created to resolve this issue. Contact Juniper Networks Technical Support to request the hotfix.\n\nWeak ciphers are now disabled by default. Only the following ciphers and key-exchange (KEX) algorithms are now enabled by default:\n\n• Ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\n• KEX Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\n\nNote: After upgrading to a fixed release, any manually configured weak ciphers or KEX algorithms for NETCONF will be retained. Administrators should reset their cipher configuration by typing:\n root@src# delete system services netconf ssh\n root@src# commit\n Stopping NETCONF/SSH:\n commit complete.\n\n root@src# set system services netconf ssh\n"
|
||||
"value": "A hotfix has been created to resolve this issue. Contact Juniper Networks Technical Support to request the hotfix.\n\nWeak ciphers are now disabled by default. Only the following ciphers and key-exchange (KEX) algorithms are now enabled by default:\n\n\u2022 Ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\n\u2022 KEX Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\n\nNote: After upgrading to a fixed release, any manually configured weak ciphers or KEX algorithms for NETCONF will be retained. Administrators should reset their cipher configuration by typing:\n root@src# delete system services netconf ssh\n root@src# commit\n Stopping NETCONF/SSH:\n commit complete.\n\n root@src# set system services netconf ssh\n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
|
||||
@ -112,7 +112,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS).\n\nContinued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects very specific versions of Juniper Networks Junos OS:\n19.3R3-S2;\n19.4R3-S3;\n20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2;\n20.3 versions 20.3R2 and later, prior to 20.3R3;\n20.4 versions 20.4R2 and later, prior to 20.4R3;\n21.1 versions prior to 21.1R2.\n\nJuniper Networks Junos OS 20.1 is not affected by this issue.\n\nThis issue also affects Juniper Networks Junos OS Evolved:\nAll versions prior to 20.4R2-S3-EVO, 20.4R3-EVO;\n21.1-EVO versions prior to 21.1R2-EVO;\n21.2-EVO versions prior to 21.2R2-EVO.\n"
|
||||
"value": "An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition. This issue affects very specific versions of Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS 20.1 is not affected by this issue. This issue also affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -99,7 +99,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE). The vulnerability exists in the packet parsing logic on the client that processes the response from the server using a custom protocol. An attacker with control of a JAL License Manager, or with access to the local broadcast domain, may be able to spoof a new JAL License Manager and/or craft a response to the Junos OS License Client, leading to exploitation of this vulnerability.\n\nThis issue only affects Junos systems configured in Network Mode. Systems that are configured in Standalone Mode (the default mode of operation for all systems) are not vulnerable to this issue.\n\nThis issue affects:\n\nJuniper Networks Junos OS:\n19.2 versions prior to 19.2R3-S3;\n19.3 versions prior to 19.3R3-S3;\n20.1 versions prior to 20.1R2-S2, 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2.\n\nJuniper Networks Junos OS Evolved:\nversion 20.1R1-EVO and later versions, prior to 21.2R2-EVO.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 19.2R1.\n"
|
||||
"value": "An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE). The vulnerability exists in the packet parsing logic on the client that processes the response from the server using a custom protocol. An attacker with control of a JAL License Manager, or with access to the local broadcast domain, may be able to spoof a new JAL License Manager and/or craft a response to the Junos OS License Client, leading to exploitation of this vulnerability. This issue only affects Junos systems configured in Network Mode. Systems that are configured in Standalone Mode (the default mode of operation for all systems) are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: version 20.1R1-EVO and later versions, prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -110,7 +110,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.\n\nThis issue affects Juniper Networks Junos OS:\nAll versions, including the following supported releases:\n12.3X48 versions prior to 12.3X48-D105;\n15.1X49 versions prior to 15.1X49-D220;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S7;\n19.2 versions prior to 19.2R3-S3;\n19.3 versions prior to 19.3R3-S4;\n19.4 versions prior to 19.4R3-S6;\n20.1 versions prior to 20.1R3;\n20.2 versions prior to 20.2R1-S1, 20.2R2;\n20.3 versions prior to 20.3R2;\n20.4 versions prior to 20.4R2;\n21.1 versions prior to 21.1R2."
|
||||
"value": "A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper Networks Junos OS: All versions, including the following supported releases: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D220; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R1-S1, 20.2R2; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -47,7 +47,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user.\n\nThe vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell.\n\nThis issue affects Juniper Networks Junos OS Evolved:\nAll versions prior to 20.4R3-S1-EVO;\nAll versions of 21.1-EVO and 21.2-EVO.\n"
|
||||
"value": "A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO and 21.2-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -52,7 +52,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user.\n\nThe vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell.\n\nThis issue affects Juniper Networks Junos OS Evolved:\nAll versions prior to 20.3R2-S1-EVO;\n20.4 versions prior to 20.4R2-S2-EVO;\n21.1 versions prior to 21.1R2-EVO;\n21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.\n"
|
||||
"value": "A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -47,7 +47,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user.\n\nThe vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell.\n\nThis issue affects Juniper Networks Junos OS Evolved:\nAll versions prior to 20.4R2-S2-EVO;\n21.1 versions prior to 21.1R2-EVO;\n21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO."
|
||||
"value": "A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -120,7 +120,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root.\n\nContinued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS:\nAll versions, including the following supported releases:\n15.1 versions prior to 15.1R7-S10;\n17.4 versions prior to 17.4R3-S5;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S3;\n19.4 versions prior to 19.4R3-S6;\n20.1 versions prior to 20.1R2-S2, 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R2-S1, 20.4R3;\n21.1 versions prior to 21.1R1-S1, 21.1R2.\n\nJuniper Networks Junos OS Evolved:\nAll versions prior to 20.4R2-S3-EVO;\nAll versions of 21.1-EVO.\n"
|
||||
"value": "A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -120,7 +120,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover.\n\nThis issue affects:\n\nJuniper Networks Junos OS:\nAll versions, including the following supported releases:\n15.1 versions prior to 15.1R7-S10;\n17.4 versions prior to 17.4R3-S5;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S3;\n19.4 versions prior to 19.4R3-S6;\n20.1 versions prior to 20.1R2-S2, 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R2-S1, 20.4R3;\n21.1 versions prior to 21.1R1-S1, 21.1R2.\n\nJuniper Networks Junos OS Evolved:\nAll versions prior to 20.4R2-S3-EVO;\nAll versions of 21.1-EVO.\n"
|
||||
"value": "An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -182,7 +182,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP packets which are being VXLAN encapsulated leading to a partial Denial of Service (DoS).\nContinued receipted of these specific traffic will create a sustained Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS on QFX Series:\nAll versions prior to 17.3R3-S11;\n17.4 versions prior to 17.4R2-S13, 17.4R3-S4;\n18.1 versions prior to 18.1R3-S12;\n18.2 versions prior to 18.2R2-S8, 18.2R3-S7;\n18.3 versions prior to 18.3R3-S4;\n18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7;\n19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4;\n19.2 versions prior to 19.2R1-S6, 19.2R3-S2;\n19.3 versions prior to 19.3R3-S1;\n19.4 versions prior to 19.4R2-S3, 19.4R3-S1;\n20.1 versions prior to 20.1R2, 20.1R3;\n20.2 versions prior to 20.2R2, 20.2R3;\n20.3 versions prior to 20.3R1-S1, 20.3R2.\n\nJuniper Networks Junos OS on PTX Series:\nAll versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S3;\n19.4 versions prior to 19.4R1-S4, 19.4R3-S5;\n20.1 versions prior to 20.1R2-S2, 20.1R3;\n20.2 versions prior to 20.2R3-S1;\n20.3 versions prior to 20.3R2-S1, 20.3R3;\n20.4 versions prior to 20.4R2-S1, 20.4R3;\n21.1 versions prior to 21.1R1-S1, 21.1R2."
|
||||
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP packets which are being VXLAN encapsulated leading to a partial Denial of Service (DoS). Continued receipted of these specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX Series: All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS on PTX Series: All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -109,7 +109,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition.\n\nContinued receipted of these spoofed PDUs will create a sustained Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 18.2R3-S8;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S7;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S2;\n19.4 versions prior to 19.4R3-S3;\n20.1 versions prior to 20.1R3;\n20.2 versions prior to 20.2R3;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R2.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R2-EVO;\n21.1 versions prior to 21.1R2-EVO."
|
||||
"value": "A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition. Continued receipted of these spoofed PDUs will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -94,7 +94,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps.\nIf a system with sensor-based-stats enabled receives a specific LDP FEC this can lead to the above condition. \n\nContinued receipted of such an LDP FEC will create a sustained Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS\n19.2 version 19.2R2 and later versions prior to 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S2;\n19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2;\n20.1 versions prior to 20.1R2-S1, 20.1R3;\n20.2 versions prior to 20.2R2-S1, 20.2R3;\n20.3 versions prior to 20.3R1-S2, 20.3R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 19.2R2.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.1R2-S3-EVO;\n20.3 versions prior to 20.3R1-S2-EVO.\n"
|
||||
"value": "In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps. If a system with sensor-based-stats enabled receives a specific LDP FEC this can lead to the above condition. Continued receipted of such an LDP FEC will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 version 19.2R2 and later versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R2-S3-EVO; 20.3 versions prior to 20.3R1-S2-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -104,7 +104,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, responsible for traffic forwarding in SRX, which will cause a Denial of Service (DoS).\nContinued receipt and processing of this specific traffic will create a sustained Denial of Service (DoS) condition.\n\nThis issue can only occur when specific packets are trying to create the same session and logging for session-close is configured as a policy action.\n\nAffected platforms are: SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2. Not affected platforms are: SRX4000 Series, SRX5000 Series with SPC3, and vSRX Series.\nThis issue affects Juniper Networks Junos OS SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2:\nAll versions prior to 17.4R3-S5;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S2;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S2;\n19.4 versions prior to 19.4R1-S4, 19.4R3-S3;\n20.1 versions prior to 20.1R2-S2, 20.1R3;\n20.2 versions prior to 20.2R3;\n20.3 versions prior to 20.3R2-S1, 20.3R3;\n20.4 versions prior to 20.4R2."
|
||||
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, responsible for traffic forwarding in SRX, which will cause a Denial of Service (DoS). Continued receipt and processing of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue can only occur when specific packets are trying to create the same session and logging for session-close is configured as a policy action. Affected platforms are: SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2. Not affected platforms are: SRX4000 Series, SRX5000 Series with SPC3, and vSRX Series. This issue affects Juniper Networks Junos OS SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -266,7 +266,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS).\n\nBy continuously sending a stream of specific layer 2 frames an attacker will sustain the Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS EX4300 Series\nAll versions prior to 15.1R7-S7;\n16.1 versions prior to 16.1R7-S8;\n17.1 versions prior to 17.1R2-S12;\n17.2 versions prior to 17.2R3-S4;\n17.3 versions prior to 17.3R3-S8;\n17.4 versions prior to 17.4R2-S10, 17.4R3-S2;\n18.1 versions prior to 18.1R3-S10;\n18.2 versions prior to 18.2R2-S7, 18.2R3-S3;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S2;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1;\n19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S2, 19.3R3;\n19.4 versions prior to 19.4R1-S2, 19.4R2.\n\nJuniper Networks Junos OS EX3400 and EX4300-MP Series\nAll versions prior to 18.1R3-S12;\n18.2 versions prior to 18.2R3-S7;\n18.3 versions prior to 18.3R3-S4;\n18.4 versions prior to 18.4R2-S9, 18.4R3-S7;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S4;\n19.2 versions prior to 19.2R3-S1;\n19.3 versions prior to 19.3R3-S1;\n19.4 versions prior to 19.4R3-S1;\n20.1 versions prior to 20.1R3;\n20.2 versions prior to 20.2R3;\n20.3 versions prior to 20.3R2.\n\nJuniper Networks Junos OS EX2300 Series\nAll versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R2-S9, 18.4R3-S9;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S7, 19.3R3-S3;\n19.4 versions prior to 19.4R3-S5;\n20.1 versions prior to 20.1R2-S2, 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R2-S1, 20.4R3;\n21.1 versions prior to 21.1R2."
|
||||
"value": "An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2 frames an attacker will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS EX4300 Series All versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS EX3400 and EX4300-MP Series All versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S9, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS EX2300 Series All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -129,7 +129,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a crash by sending a specific username. This impacts authentication, authorization, and accounting (AAA) services on the MX devices and leads to a Denial of Service (DoS) condition.\nContinued receipted of these PPP login request will create a sustained Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS\n15.1 versions prior to 15.1R7-S9;\n17.3 versions prior to 17.3R3-S12;\n17.4 versions prior to 17.4R3-S5;\n18.1 versions prior to 18.1R3-S13;\n18.2 versions prior to 18.2R3-S8;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S3;\n19.4 versions prior to 19.4R3-S3;\n20.1 versions prior to 20.1R3;\n20.2 versions prior to 20.2R3-S1;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2."
|
||||
"value": "An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause a crash by sending a specific username. This impacts authentication, authorization, and accounting (AAA) services on the MX devices and leads to a Denial of Service (DoS) condition. Continued receipted of these PPP login request will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -98,7 +98,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. \nContinued receipted of these packets will create a sustained Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S7;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S3;\n19.4 versions prior to 19.4R1-S4, 19.4R3-S6;\n20.1 versions prior to 20.1R2-S2, 20.1R3;\n20.2 versions prior to 20.2R3-S1;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2.\n\nJuniper Networks Junos Evolved is not affected."
|
||||
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Continued receipted of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos Evolved is not affected."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -104,7 +104,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks JUNOS OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port.\nContinued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself.\n\nAn indication that the system is affected by this issue would be that kernel and netisr process are shown to be using a lot of CPU cycles like in the following example output:\n\n user@host> show system processes extensive \n ...\n PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND\n 16 root -72 - 0K 304K WAIT 1 839:40 88.96% intr{swi1: netisr 0}\n 0 root 97 - 0K 160K RUN 1 732:43 87.99% kernel{bcm560xgmac0 que}\nThis issue affects Juniper Networks JUNOS OS on EX2300 Series, EX3400 Series, and ACX710:\nAll versions prior to 18.1R3-S13;\n18.2 versions prior to 18.2R3-S8;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R2-S8, 18.4R3-S9;\n19.1 versions prior to 19.1R3-S5;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S2;\n19.4 versions prior to 19.4R1-S4, 19.4R3-S3;\n20.1 versions prior to 20.1R2-S2, 20.1R3;\n20.2 versions prior to 20.2R3;\n20.3 versions prior to 20.3R2-S1, 20.3R3;\n20.4 versions prior to 20.4R2."
|
||||
"value": "An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks JUNOS OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself. An indication that the system is affected by this issue would be that kernel and netisr process are shown to be using a lot of CPU cycles like in the following example output: user@host> show system processes extensive ... PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 16 root -72 - 0K 304K WAIT 1 839:40 88.96% intr{swi1: netisr 0} 0 root 97 - 0K 160K RUN 1 732:43 87.99% kernel{bcm560xgmac0 que} This issue affects Juniper Networks JUNOS OS on EX2300 Series, EX3400 Series, and ACX710: All versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -110,7 +110,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service (DoS) with a high rate of specific traffic. If a Class of Service (CoS) rule is attached to the service-set and a high rate of specific traffic is processed by this service-set, for some of the other traffic which has services applied and is being processed by this MS-MPC/MS-MIC drops will be observed.\nContinued receipted of this high rate of specific traffic will create a sustained Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS on MX Series with MS-MPC/MS-MIC:\nAll versions prior to 17.4R3-S5;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S7, 19.3R3-S3;\n19.4 versions prior to 19.4R3-S5;\n20.1 versions prior to 20.1R2-S2, 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R2-S1, 20.4R3;\n21.1 versions prior to 21.1R1-S1, 21.1R2."
|
||||
"value": "On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service (DoS) with a high rate of specific traffic. If a Class of Service (CoS) rule is attached to the service-set and a high rate of specific traffic is processed by this service-set, for some of the other traffic which has services applied and is being processed by this MS-MPC/MS-MIC drops will be observed. Continued receipted of this high rate of specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series with MS-MPC/MS-MIC: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -110,7 +110,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped. This will impact control protocols (including but not limited to routing-protocols) and lead to a Denial of Service (DoS).\n\nContinued receipt of this specific multicast traffic will create a sustained Denial of Service (DoS) condition.\nThis issue affects Juniper Networks Junos OS on QFX5000 and EX4600 Series:\nAll versions prior to 17.3R3-S12;\n17.4 versions prior to 17.4R3-S5;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S3;\n19.4 versions prior to 19.4R1-S4, 19.4R3-S3;\n20.1 versions prior to 20.1R2-S2, 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R2-S2, 20.4R3;\n21.1 versions prior to 21.1R1-S1, 21.1R2."
|
||||
"value": "An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped. This will impact control protocols (including but not limited to routing-protocols) and lead to a Denial of Service (DoS). Continued receipt of this specific multicast traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX5000 and EX4600 Series: All versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -110,7 +110,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5110 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability.\n \n\n\nThis issue affects:\nJuniper Networks Junos OS on QFX5110 Series:\nAll versions prior to 17.3R3-S12;\n18.1 versions prior to 18.1R3-S13;\n18.3 versions prior to 18.3R3-S5;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S3;\n19.4 versions prior to 19.4R1-S4, 19.4R3-S5;\n20.1 versions prior to 20.1R2-S2, 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R2-S1, 20.4R3;\n21.1 versions prior to 21.1R1-S1, 21.1R2;\n"
|
||||
"value": "Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5110 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects: Juniper Networks Junos OS on QFX5110 Series: All versions prior to 17.3R3-S12; 18.1 versions prior to 18.1R3-S13; 18.3 versions prior to 18.3R3-S5; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2;"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -104,7 +104,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device.\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R3-S3;\n19.3 versions prior to 19.3R3-S3;\n19.4 versions prior to 19.4R3-S5;\n20.1 versions prior to 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2, 21.1R3;\n21.2 versions prior to 21.2R1-S1, 21.2R2;\n\n"
|
||||
"value": "An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2;"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -99,7 +99,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions.\nThis issue affects:\nJuniper Networks Junos OS on SRX Series:\n18.2 versions prior to 18.2R3-S8;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S8;\n19.1 versions prior to 19.1R3-S5;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S3;\n19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3;\n20.1 versions prior to 20.1R2-S2, 20.1R3;\n20.2 versions prior to 20.2R3-S1;\n20.3 versions prior to 20.3R2-S1, 20.3R3.\n"
|
||||
"value": "A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -116,7 +116,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). \nContinued receipt and processing of this message will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects both IBGP and EBGP deployments over IPv4 or IPv6.\nThis issue affects:\nJuniper Networks Junos OS:\n17.3 versions prior to 17.3R3-S11;\n17.4 versions prior to 17.4R2-S13, 17.4R3-S4;\n18.1 versions prior to 18.1R3-S12;\n18.2 versions prior to 18.2R2-S8, 18.2R3-S7;\n18.3 versions prior to 18.3R3-S4;\n18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7;\n19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4;\n19.2 versions prior to 19.2R1-S6, 19.2R3-S1;\n19.3 versions prior to 19.3R2-S5, 19.3R3-S1;\n19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1;\n20.1 versions prior to 20.1R2;\n20.2 versions prior to 20.2R2;\n20.3 versions prior to 20.3R1-S1, 20.3R2.\n\nJuniper Networks Junos OS Evolved:\n20.3 versions prior to 20.3R2-EVO."
|
||||
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this message will create a sustained Denial of Service (DoS) condition. This issue affects both IBGP and EBGP deployments over IPv4 or IPv6. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: 20.3 versions prior to 20.3R2-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -99,7 +99,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to be accepted or propagated.\nThis issue affects:\nJuniper Networks Junos OS\n12.3 versions prior to 12.3R12-S18;\n15.1 versions prior to 15.1R7-S9;\n17.2 versions prior to 17.2R3-S3;\n17.3 versions prior to 17.3R3-S7;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S13;\n18.2 versions prior to 18.2R3-S3;\n18.3 versions prior to 18.3R3-S1;\n18.4 versions prior to 18.4R3;\n19.1 versions prior to 19.1R2;\n19.2 versions prior to 19.2R2;\n19.3 versions prior to 19.3R2.\n\n\n\n"
|
||||
"value": "An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to be accepted or propagated. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -51,7 +51,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Improper Input Validation vulnerability in Packet Forwarding Engine manager (FXPC) process of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending specific DHCPv6 packets to the device and crashing the FXPC service. \nContinued receipt and processing of this specific packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects only the following platforms in ACX Series:\nACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096 devices.\n\nOther ACX platforms are not affected from this issue.\nThis issue affects Juniper Networks Junos OS on ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096:\n18.4 version 18.4R3-S7 and later versions prior to 18.4R3-S8.\n\nThis issue does not affect:\nJuniper Networks Junos OS 18.4 versions prior to 18.4R3-S7 on ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096."
|
||||
"value": "An Improper Input Validation vulnerability in Packet Forwarding Engine manager (FXPC) process of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending specific DHCPv6 packets to the device and crashing the FXPC service. Continued receipt and processing of this specific packet will create a sustained Denial of Service (DoS) condition. This issue affects only the following platforms in ACX Series: ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096 devices. Other ACX platforms are not affected from this issue. This issue affects Juniper Networks Junos OS on ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096: 18.4 version 18.4R3-S7 and later versions prior to 18.4R3-S8. This issue does not affect: Juniper Networks Junos OS 18.4 versions prior to 18.4R3-S7 on ACX500, ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX5048, ACX5096."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -108,7 +108,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon (RPD) to crash and restart, causing a Denial of Service (DoS). \n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition. \n\n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S9;\n17.3 versions prior to 17.3R3-S12;\n17.4 versions prior to 17.4R2-S13, 17.4R3-S5;\n18.1 versions prior to 18.1R3-S13;\n18.2 versions prior to 18.2R3-S8;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R2-S8, 18.4R3-S7;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S5;\n19.2 versions prior to 19.2R3-S2;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S2;\n19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2;\n20.1 versions prior to 20.1R2-S2, 20.1R3;\n20.2 versions prior to 20.2R2-S3, 20.2R3;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R1-S1, 20.4R2."
|
||||
"value": "An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon (RPD) to crash and restart, causing a Denial of Service (DoS). Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -124,7 +124,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be forced into a \"Terminating\" state by an attacker who is able to send spoofed messages appearing to originate from trusted RADIUS server(s) destined to the device in response to the subscriber's request. These spoofed messages cause the Junos OS General Authentication Service (authd) daemon to force the broadband subscriber into this \"Terminating\" state which the subscriber will not recover from thereby causing a Denial of Service (DoS) to the endpoint device. Once in the \"Terminating\" state, the endpoint subscriber will no longer be able to access the network. Restarting the authd daemon on the Junos OS device will temporarily clear the subscribers out of the \"Terminating\" state. As long as the attacker continues to send these spoofed packets and subscribers request to be logged out, the subscribers will be returned to the \"Terminating\" state thereby creating a persistent Denial of Service to the subscriber.\n\nAn indicator of compromise may be seen by displaying the output of \"show subscribers summary\". The presence of subscribers in the \"Terminating\" state may indicate the issue is occurring.\n\nThis issue affects:\nJuniper Networks Junos OS\n17.3 versions prior to 17.3R3-S12;\n17.4 versions prior to 17.4R3-S5;\n18.1 versions prior to 18.1R3-S13;\n18.2 versions prior to 18.2R3-S8;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R2-S8, 18.4R3-S9;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S3;\n19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R3-S3;\n20.1 versions prior to 20.1R3;\n20.2 versions prior to 20.2R3-S1;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2.\n\nThis issue does not affect:\nJuniper Networks Junos OS\n12.3 version 12.3R1 and later versions;\n15.1 version 15.1R1 and later versions. \n"
|
||||
"value": "In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be forced into a \"Terminating\" state by an attacker who is able to send spoofed messages appearing to originate from trusted RADIUS server(s) destined to the device in response to the subscriber's request. These spoofed messages cause the Junos OS General Authentication Service (authd) daemon to force the broadband subscriber into this \"Terminating\" state which the subscriber will not recover from thereby causing a Denial of Service (DoS) to the endpoint device. Once in the \"Terminating\" state, the endpoint subscriber will no longer be able to access the network. Restarting the authd daemon on the Junos OS device will temporarily clear the subscribers out of the \"Terminating\" state. As long as the attacker continues to send these spoofed packets and subscribers request to be logged out, the subscribers will be returned to the \"Terminating\" state thereby creating a persistent Denial of Service to the subscriber. An indicator of compromise may be seen by displaying the output of \"show subscribers summary\". The presence of subscribers in the \"Terminating\" state may indicate the issue is occurring. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect: Juniper Networks Junos OS 12.3 version 12.3R1 and later versions; 15.1 version 15.1R1 and later versions."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -104,7 +104,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these packets.\n\nContinued receipt and processing of these malformed IPv4 or IPv6 packets will create a sustained Denial of Service (DoS) condition. \n\nThis issue only affects MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards.\n\nAn indicator of compromise is the output: \n FPC [\"FPC ID\" # e.g. \"0\"]\n PFE #{PFE ID # e.g. \"1\"]\n : Fabric Disabled\n\nExample: \n FPC 0\n PFE #1\n : Fabric Disabled\n\nwhen using the command:\n show chassis fabric fpcs\n\nAn example of a healthy result of the command use would be: \n user@device-re1> show chassis fabric fpcs \n Fabric management FPC state:\n FPC 0\n PFE #0\n Plane 0: Plane enabled\n Plane 1: Plane enabled\n Plane 2: Plane enabled\n Plane 3: Plane enabled\n Plane 4: Plane enabled\n Plane 5: Plane enabled\n Plane 6: Plane enabled\n Plane 7: Plane enabled\nThis issue affects:\nJuniper Networks Junos OS on MX Series with MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards.\n17.2 version 17.2R1 and later versions;\n17.3 versions prior to 17.3R3-S9;\n17.4 versions prior to 17.4R2-S12, 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R2-S6, 18.2R3-S3;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S1;\n18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3;\n19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S5, 19.3R3.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 17.2R1."
|
||||
"value": "An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these packets. Continued receipt and processing of these malformed IPv4 or IPv6 packets will create a sustained Denial of Service (DoS) condition. This issue only affects MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. An indicator of compromise is the output: FPC [\"FPC ID\" # e.g. \"0\"] PFE #{PFE ID # e.g. \"1\"] : Fabric Disabled Example: FPC 0 PFE #1 : Fabric Disabled when using the command: show chassis fabric fpcs An example of a healthy result of the command use would be: user@device-re1> show chassis fabric fpcs Fabric management FPC state: FPC 0 PFE #0 Plane 0: Plane enabled Plane 1: Plane enabled Plane 2: Plane enabled Plane 3: Plane enabled Plane 4: Plane enabled Plane 5: Plane enabled Plane 6: Plane enabled Plane 7: Plane enabled This issue affects: Juniper Networks Junos OS on MX Series with MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -207,7 +207,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS.\n\nInterfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them.\n\nThese firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments.\n\nThis issue affects Juniper Networks Junos OS on PTX1000 System:\n17.2 versions 17.2R1 and later versions prior to 17.3 versions prior to 17.3R3-S12;\n17.4 versions prior to 17.4R3-S5;\n18.1 versions prior to 18.1R3-S13;\n18.2 versions prior to 18.2R3-S8;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8;\n19.1 versions prior to 19.1R3-S5;\n19.2 versions prior to 19.2R3-S2;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S3;\n19.4 versions prior to 19.4R2-S4, 19.4R3-S3;\n20.1 versions prior to 20.1R3;\n20.2 versions prior to 20.2R2-S3, 20.2R3;\n20.3 versions prior to 20.3R2-S1, 20.3R3;\n20.4 versions prior to 20.4R1-S1, 20.4R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to version 17.2R1 on PTX1000 System.\n\nThis issue affects Juniper Networks Junos OS on PTX10002-60C System:\n18.2 versions 18.2R1 and later versions prior to 18.4 versions prior to 18.4R3-S9;\n19.1 versions later than 19.1R1 prior to 19.4 versions prior to 19.4R2-S5, 19.4R3-S5;\n20.1 versions prior to 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions 20.4R1 and later versions prior to 21.1 versions prior to 21.1R2;\n21.2 versions 21.2R1 and later versions prior to 21.3 versions prior to 21.3R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to version 18.2R1 on PTX10002-60C System.\n \nThis issue impacts all filter families (inet, inet6, etc.) and all loopback filters.\n\nIt does not rely upon the location where a filter is set, impacting both logical and physical interfaces.\n"
|
||||
"value": "On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. These firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments. This issue affects Juniper Networks Junos OS on PTX1000 System: 17.2 versions 17.2R1 and later versions prior to 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2. This issue does not affect Juniper Networks Junos OS prior to version 17.2R1 on PTX1000 System. This issue affects Juniper Networks Junos OS on PTX10002-60C System: 18.2 versions 18.2R1 and later versions prior to 18.4 versions prior to 18.4R3-S9; 19.1 versions later than 19.1R1 prior to 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions 20.4R1 and later versions prior to 21.1 versions prior to 21.1R2; 21.2 versions 21.2R1 and later versions prior to 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS prior to version 18.2R1 on PTX10002-60C System. This issue impacts all filter families (inet, inet6, etc.) and all loopback filters. It does not rely upon the location where a filter is set, impacting both logical and physical interfaces."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -95,7 +95,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a remote unauthenticated network attacker causes the RPD to crash causing a Denial of Service (DoS). \n\nContinued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJuniper Networks Junos OS\n19.2 versions prior to 19.2R3-S2;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S2;\n19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3;\n20.1 versions prior to 20.1R2-S2, 20.1R3;\n20.2 versions prior to 20.2R2-S3, 20.2R3;\n20.3 versions prior to 20.3R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 19.2R1.\n\nJuniper Networks Junos OS Evolved\n20.1 versions prior to 20.1R3-EVO;\n20.2 versions prior to 20.2R3-EVO;\n20.3 versions prior to 20.3R2-EVO.\n\n"
|
||||
"value": "In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a remote unauthenticated network attacker causes the RPD to crash causing a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. Juniper Networks Junos OS Evolved 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -62,7 +62,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web.\n \nThis issue affects:\nJuniper Networks Junos OS SRX Series\n20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3;\n21.1 versions prior to 21.1R1-S1, 21.1R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. "
|
||||
"value": "Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -138,8 +138,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.juniper.net/"
|
||||
"refsource": "MISC",
|
||||
"url": "https://kb.juniper.net/",
|
||||
"name": "https://kb.juniper.net/"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -111,7 +111,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root.\n\nThis issue affects:\nJuniper Networks Junos OS\n12.3 versions prior to 12.3R12-S19;\n15.1 versions prior to 15.1R7-S10;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R3-S3;\n19.4 versions prior to 19.4R3-S5;\n20.1 versions prior to 20.1R2-S2, 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R2-S1, 20.4R3;\n21.1 versions prior to 21.1R1-S1, 21.1R2."
|
||||
"value": "An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -115,7 +115,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device.\nThis issue affects:\nJuniper Networks Junos OS\n12.3 versions prior to 12.3R12-S20;\n15.1 versions prior to 15.1R7-S11;\n18.3 versions prior to 18.3R3-S6;\n18.4 versions prior to 18.4R3-S10;\n19.1 versions prior to 19.1R3-S7;\n19.2 versions prior to 19.2R3-S4;\n19.3 versions prior to 19.3R3-S4;\n19.4 versions prior to 19.4R3-S6;\n20.1 versions prior to 20.1R3-S2;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R3;\n21.2 versions prior to 21.2R2."
|
||||
"value": "A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.\n"
|
||||
"value": "Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user