Vulnerabilities

<br /> A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).<br /> <br /> PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc".<br /> <br /> The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.<br /> <br /> expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw<br /> expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware<br /> expr_dfw_base_hw_add:52 Failed to add h/w sfm data.<br /> expr_dfw_base_hw_create:114 Failed to add h/w data.<br /> expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__<br /> expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0<br /> expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!<br /> expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure<br /> expr_dfw_bp_topo_handler:1102 Failed to program fnum.<br /> expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.<br /> This issue affects Juniper Networks Junos OS:<br /> <br /> on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S5;<br /> * 21.1 versions prior to 21.1R3-S4;<br /> * 21.2 versions prior to 21.2R3-S2;<br /> * 21.3 versions prior to 21.3R3;<br /> * 21.4 versions prior to 21.4R2-S2, 21.4R3;<br /> * 22.1 versions prior to 22.1R1-S2, 22.1R2.<br /> <br /> <br /> <br /> <br /> on PTX3000, PTX5000, QFX10000:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S4;<br /> * 22.1 versions prior to 22.1R3-S3<br /> * 22.2 versions prior to 22.2R3-S1<br /> * 22.3 versions prior to 22.3R2-S2, 22.3R3<br /> * 22.4 versions prior to 22.4R2.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).<br /> <br /> This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.<br /> <br /> This issue affects:<br /> <br /> Juniper Networks Junos OS<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S5;<br /> * 21.3 versions prior to 21.3R3-S4;<br /> * 21.4 versions prior to 21.4R3-S3;<br /> * 22.1 versions prior to 22.1R3-S2;<br /> * 22.2 versions prior to 22.2R3;<br /> * 22.3 versions prior to 22.3R2-S2;<br /> * 22.4 versions prior to 22.4R2;<br /> <br /> <br /> <br /> <br /> Juniper Networks Junos OS Evolved<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8-EVO;<br /> * 21.1 version 21.1R1-EVO and later versions;<br /> * 21.2 versions prior to 21.2R3-S5-EVO;<br /> * 21.3 versions prior to 21.3R3-S4-EVO;<br /> * 21.4 versions prior to 21.4R3-S3-EVO;<br /> * 22.1 versions prior to 22.1R3-S2-EVO;<br /> * 22.2 versions prior to 22.2R3-EVO;<br /> * 22.3 versions prior to 22.3R2-S2-EVO;<br /> * 22.4 versions prior to 22.4R1-S1-EVO;<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS).<br /> <br /> An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover.<br /> <br /> This issue affects interfaces with PPPoE configured and tcp-mss enabled.<br /> <br /> This issue affects Juniper Networks Junos OS<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S7;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S3;<br /> * 22.1 versions prior to 22.1R3-S4;<br /> * 22.2 versions prior to 22.2R3;<br /> * 22.3 versions prior to 22.3R2-S2;<br /> * 22.4 versions prior to 22.4R2;<br /> <br /> <br /> <br /> <br /> <br /> <br />

SnapCenter versions 4.8 through 4.9 are susceptible to a <br /> vulnerability which may allow an authenticated SnapCenter Server user to<br /> become an admin user on a remote system where a SnapCenter plug-in has <br /> been installed.

tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.

A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by default. If the data to be displayed contains JavaScript this code is executed in the browser and can perform any operations that the current user is allowed to perform silently.<br /> <br /> <br /> <br /> <br /> KNIME Analytics Platform already has configuration options with which sanitization of data can be actived, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal . However, these are off by default which allows for cross-site scripting attacks.<br /> <br /> <br /> KNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor&amp;#39;s knime.ini.<br /> <br /> <br />

BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.

SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts.

SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are <br /> susceptible to a vulnerability which may allow authenticated <br /> unprivileged users to modify email and snapshot name settings within the<br /> VMware vSphere user interface.<br /> <br /> <br />

SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a <br /> vulnerability which may allow an authenticated unprivileged user to gain<br /> access as an admin user.<br /> <br />

ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, <br /> 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow<br /> a remote unauthenticated attacker to cause a crash of the HTTP service.