Vulnerabilities

A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).<br /> <br /> When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning. <br /> <br /> This issue is only seen when telemetry subscription is active.<br /> <br /> The Heap memory utilization can be monitored using the following command:<br />   &gt; show system processes extensive<br /> <br /> The following command can be used to monitor the memory utilization of the specific sensor<br />   &gt; show system info | match sensord<br /> PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME<br /> <br /> 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32<br /> <br /> <br /> This issue affects Junos OS: <br /> <br /> <br /> <br /> * from 21.2R3-S5 before 21.2R3-S7, <br /> * from 21.4R3-S4 before 21.4R3-S6, <br /> * from 22.2R3 before 22.2R3-S4, <br /> * from 22.3R2 before 22.3R3-S2, <br /> * from 22.4R1 before 22.4R3, <br /> * from 23.2R1 before 23.2R2.

An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS).<br /> <br /> On running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly.<br /> <br /> When the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts.<br /> <br /> This issue affects Junos OS:<br /> * All versions before 20.4R3-S10;<br /> * 21.2 versions before 21.2R3-S7;<br /> * 21.4 versions before 21.4R3-S6;<br /> * 22.1 versions before 22.1R3-S5;<br /> * 22.2 versions before 22.2R3-S3;<br /> * 22.3 versions before 22.3R3-S2;<br /> * 22.4 versions before 22.4R3-S1;<br /> * 23.2 versions before 23.2R2.

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.<br /> <br /> When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.<br /> <br /> This issue affects Junos OS Evolved: <br /> * from 23.2R2-EVO before 23.2R2-S1-EVO, <br /> * from 23.4R1-EVO before 23.4R2-EVO.

An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS).<br /> <br /> When a specific "clear" command is run, the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts.<br /> <br /> The crash impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition.<br /> This issue affects Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions before 20.4R3-S9-EVO, <br /> * from 21.2-EVO before 21.2R3-S7-EVO, <br /> * from 21.3-EVO before 21.3R3-S5-EVO, <br /> * from 21.4-EVO before 21.4R3-S6-EVO, <br /> * from 22.1-EVO before 22.1R3-S4-EVO, <br /> * from 22.2-EVO before 22.2R3-S3-EVO, <br /> * from 22.3-EVO before 22.3R3-S3-EVO, <br /> * from 22.4-EVO before 22.4R3-EVO,<br /> * from 23.2-EVO before 23.2R2-EVO.

An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).<br /> <br /> An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.<br /> <br /> This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.<br /> <br /> This issue affects Junos OS: <br /> * All versions before 20.4R3-S10, <br /> * from 21.4 before 21.4R3-S6, <br /> * from 22.1 before 22.1R3-S5, <br /> * from 22.2 before 22.2R3-S3, <br /> * from 22.3 before 22.3R3-S2, <br /> * from 22.4 before 22.4R3, <br /> * from 23.2 before 23.2R2;<br /> <br /> <br /> Junos OS Evolved: <br /> * All versions before 20.4R3-S10-EVO, <br /> * from 21.4-EVO before 21.4R3-S6-EVO, <br /> * from 22.1-EVO before 22.1R3-S5-EVO, <br /> * from 22.2-EVO before 22.2R3-S3-EVO, <br /> * from 22.3-EVO before 22.3R3-S2-EVO, <br /> * from 22.4-EVO before 22.4R3-EVO, <br /> * from 23.2-EVO before 23.2R2-EVO.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5

A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning