Instituto Nacional de Ciberseguridad. INCIBE section
Instituto Nacional de Ciberseguridad. INCIBE-CERT section

Vulnerabilities

In order to inform, warn and assist professionals regarding the latest security vulnerabilities in technology systems, we make available to interested users a database with information in Spanish on each of the latest documented and known vulnerabilities.

This repository, with more than 75,000 records, is based on information from the NVD (National Vulnerability Database) under a collaboration agreement, through which INCIBE translates the included information into Spanish. At times this list will show vulnerabilities that have not yet been translated, because they are collected during the period in which the INCIBE team carries out the translation process.

The CVE (Common Vulnerabilities and Exposures) vulnerability naming standard is used in order to facilitate the exchange of information between different databases and tools. Each vulnerability listed links to various information sources as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with the option of selecting different criteria such as vulnerability type, manufacturer and impact type, among others, in order to narrow down the results.

Through an RSS subscription or newsletters we can be kept informed daily of the latest vulnerabilities added to the repository.

CVE-2026-21911

Publication date:
15/01/2026
Language:
English
*** Pending translation *** An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces (LSI) to stop while generating a flood of logs, resulting in high CPU usage.

When the issue is seen, the following log message will be generated:

op:1 flag:0x6 mac:xx:xx:xx:xx:xx:xx bd:2 ifl:13302 reason:0(REASON_NONE) i-op:6(INTRNL_OP_HW_FORCE_DELETE) status:10 lstatus:10 err:26(GETIFBD_VALIDATE_FAILED) err-reason 4(IFBD_VALIDATE_FAIL_EPOCH_MISMATCH) hw_wr:0x4 ctxsync:0 fwdsync:0 rtt-id:51 p_ifl:0 fwd_nh:0 svlbnh:0 event:- smask:0x100000000 dmask:0x0 mplsmask 0x1 act:0x5800 extf:0x0 pfe-id 0 hw-notif-ifl 13302 programmed-ifl 4294967295 pseudo-vtep underlay-ifl-idx 0 stack:GET_MAC, ALLOCATE_MAC, GET_IFL, GET_IFF, GET_IFBD, STOP,

This issue affects Junos OS Evolved:

* all versions before 21.4R3-S7-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S2-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026

CVE-2026-21912

Publication date:
15/01/2026
Language:
English
*** Pending translation *** A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset.

On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.

This issue affects Junos OS on MX10k Series:

* all versions before 21.2R3-S10,
* from 21.4 before 21.4R3-S9,
* from 22.2 before 22.2R3-S7,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S2,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R2.

CVSS v4.0 severity: MEDIUM
Last modified:
16/01/2026

CVE-2026-21913

Publication date:
15/01/2026
Language:
English
*** Pending translation *** An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.

The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:

  reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump

This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:

* 24.4 versions before 24.4R2,
* 25.2 versions before 25.2R1-S2, 25.2R2.

This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026

CVE-2026-21914

Publication date:
15/01/2026
Language:
English
*** Pending translation *** An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.

This issue affects Junos OS on SRX Series:

* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S3,
* 24.4 versions before 24.4R2-S2,
* 25.2 versions before 25.2R1-S1, 25.2R2.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026

CVE-2026-21917

Publication date:
15/01/2026
Language:
English
*** Pending translation *** An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.

This issue affects Junos OS on SRX Series:

* 23.2 versions from 23.2R2-S2 before 23.2R2-S5,
* 23.4 versions from 23.4R2-S1 before 23.4R2-S5,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R1-S3, 24.4R2.

Earlier versions of Junos are also affected, but no fix is available.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026

CVE-2026-21906

Publication date:
15/01/2026
Language:
English
*** Pending translation *** An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart.

When PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below. PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing.

Note that PMI with GRE performance acceleration is only supported on specific SRX platforms.

This issue affects Junos OS on the SRX Series:

* all versions before 21.4R3-S12,
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S5,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2-S1,
* from 25.2 before 25.2R1-S1, 25.2R2.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026

CVE-2026-21907

Publication date:
15/01/2026
Language:
English
*** Pending translation *** A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS), affecting the long-term confidentiality of encrypted communications.

This issue affects all versions of Junos Space before 24.1R5.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026

CVE-2026-21908

Publication date:
15/01/2026
Language:
English
*** Pending translation *** A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root.

The issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path.

This issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled.

This issue affects:

Junos OS:

* from 23.2R2-S1 before 23.2R2-S5,
* from 23.4R2 before 23.4R2-S6,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2-S1,
* from 25.2 before 25.2R1-S2, 25.2R2;

Junos OS Evolved:

* from 23.2R2-S1 before 23.2R2-S5-EVO,
* from 23.4R2 before 23.4R2-S6-EVO,
* from 24.2 before 24.2R2-S3-EVO,
* from 24.4 before 24.4R2-S1-EVO,
* from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026

CVE-2026-21909

Publication date:
15/01/2026
Language:
English
*** Pending translation *** A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.

Memory usage can be monitored through the use of the 'show task memory detail' command. For example:

user@junos> show task memory detail | match ted-infra
  TED-INFRA-COOKIE           25   1072     28   1184     229

user@junos> show task memory detail | match ted-infra
  TED-INFRA-COOKIE           31   1360     34   1472     307

This issue affects:

Junos OS:

* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S2, 23.4R2,
* from 24.1 before 24.1R2;

Junos OS Evolved:

* from 23.2 before 23.2R2-EVO,
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,
* from 24.1 before 24.1R2-EVO.

This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026

CVE-2026-21910

Publication date:
15/01/2026
Language:
English
*** Pending translation *** An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS).

On all EX4k and QFX5k platforms, a link flap in an EVPN-VXLAN configuration Link Aggregation Group (LAG) results in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination.

This issue is only applicable to systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650.

Service can only be restored by restarting the affected FPC via the 'request chassis fpc restart slot ' command.

This issue affects Junos OS on EX4k and QFX5k Series:

* all versions before 21.4R3-S12,
* all versions of 22.2,
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S5,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026

CVE-2026-0203

Publication date:
15/01/2026
Language:
English
*** Pending translation *** An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS).

When an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks.

This issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue.

This issue affects Junos OS:

* all versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S7,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S2, 24.2R2.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026

CVE-2026-21903

Publication date:
15/01/2026
Language:
English
*** Pending translation *** A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges, to cause a Denial-of-Service (DoS).

Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart. The issue was not seen when YANG packages for the specific sensors were installed.

This issue affects Junos OS:

* all versions before 22.4R3-S7,
* 23.2 versions before 23.2R2-S4,
* 23.4 versions before 23.4R2.

CVSS v4.0 severity: HIGH
Last modified:
16/01/2026