Vulnerabilities

<br /> An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur.<br /> <br /> An indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing.<br /> <br /> Use the following command to determine if FPC0 has gone missing from the device.<br /> <br /> show chassis fpc detail<br /> This issue affects:<br /> <br /> Juniper Networks Junos OS on QFX5000 Series, EX4600 Series:<br /> <br /> <br /> <br /> * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8;<br /> * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S4;<br /> * 22.1 versions prior to 22.1R3-S3;<br /> * 22.2 versions prior to 22.2R3-S1;<br /> * 22.3 versions prior to 22.3R2-S2, 22.3R3;<br /> * 22.4 versions prior to 22.4R2.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS).<br /> <br /> Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device.<br /> <br /> This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’).<br /> <br /> This issue affects Juniper Networks Junos OS:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8, 20.4R3-S9;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S5;<br /> * 22.1 versions prior to 22.1R3-S4;<br /> * 22.2 versions prior to 22.2R3-S2;<br /> * 22.3 versions prior to 22.3R2-S2, 22.3R3;<br /> * 22.4 versions prior to 22.4R2-S1, 22.4R3;<br /> <br /> <br /> <br /> <br /> <br /> <br />

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results.

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application&amp;#39;s backend database server.

An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information.

<br /> A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).<br /> <br /> Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.<br /> <br /> Note: This issue is not noticed when all the devices in the network are Juniper devices.<br /> <br /> This issue affects Juniper Networks:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S7;<br /> * 21.2 versions prior to 21.2R3-S5;<br /> * 21.3 versions prior to 21.3R3-S4;<br /> * 21.4 versions prior to 21.4R3-S4;<br /> * 22.1 versions prior to 22.1R3-S4;<br /> * 22.2 versions prior to 22.2R3;<br /> * 22.3 versions prior to 22.3R3;<br /> * 22.4 versions prior to 22.4R3.<br /> <br /> <br /> <br /> <br /> Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions prior to 22.3R3-EVO;<br /> * 22.4-EVO versions prior to 22.4R3-EVO;<br /> * 23.2-EVO versions prior to 23.2R1-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).<br /> <br /> PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc".<br /> <br /> The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.<br /> <br /> expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw<br /> expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware<br /> expr_dfw_base_hw_add:52 Failed to add h/w sfm data.<br /> expr_dfw_base_hw_create:114 Failed to add h/w data.<br /> expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__<br /> expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0<br /> expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!<br /> expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure<br /> expr_dfw_bp_topo_handler:1102 Failed to program fnum.<br /> expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.<br /> This issue affects Juniper Networks Junos OS:<br /> <br /> on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S5;<br /> * 21.1 versions prior to 21.1R3-S4;<br /> * 21.2 versions prior to 21.2R3-S2;<br /> * 21.3 versions prior to 21.3R3;<br /> * 21.4 versions prior to 21.4R2-S2, 21.4R3;<br /> * 22.1 versions prior to 22.1R1-S2, 22.1R2.<br /> <br /> <br /> <br /> <br /> on PTX3000, PTX5000, QFX10000:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S4;<br /> * 22.1 versions prior to 22.1R3-S3<br /> * 22.2 versions prior to 22.2R3-S1<br /> * 22.3 versions prior to 22.3R2-S2, 22.3R3<br /> * 22.4 versions prior to 22.4R2.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).<br /> <br /> This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.<br /> <br /> This issue affects:<br /> <br /> Juniper Networks Junos OS<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S5;<br /> * 21.3 versions prior to 21.3R3-S4;<br /> * 21.4 versions prior to 21.4R3-S3;<br /> * 22.1 versions prior to 22.1R3-S2;<br /> * 22.2 versions prior to 22.2R3;<br /> * 22.3 versions prior to 22.3R2-S2;<br /> * 22.4 versions prior to 22.4R2;<br /> <br /> <br /> <br /> <br /> Juniper Networks Junos OS Evolved<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8-EVO;<br /> * 21.1 version 21.1R1-EVO and later versions;<br /> * 21.2 versions prior to 21.2R3-S5-EVO;<br /> * 21.3 versions prior to 21.3R3-S4-EVO;<br /> * 21.4 versions prior to 21.4R3-S3-EVO;<br /> * 22.1 versions prior to 22.1R3-S2-EVO;<br /> * 22.2 versions prior to 22.2R3-EVO;<br /> * 22.3 versions prior to 22.3R2-S2-EVO;<br /> * 22.4 versions prior to 22.4R1-S1-EVO;<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS).<br /> <br /> An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover.<br /> <br /> This issue affects interfaces with PPPoE configured and tcp-mss enabled.<br /> <br /> This issue affects Juniper Networks Junos OS<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S7;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S3;<br /> * 22.1 versions prior to 22.1R3-S4;<br /> * 22.2 versions prior to 22.2R3;<br /> * 22.3 versions prior to 22.3R2-S2;<br /> * 22.4 versions prior to 22.4R2;<br /> <br /> <br /> <br /> <br /> <br /> <br />

SnapCenter versions 4.8 through 4.9 are susceptible to a <br /> vulnerability which may allow an authenticated SnapCenter Server user to<br /> become an admin user on a remote system where a SnapCenter plug-in has <br /> been installed.

tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.

A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.