Vulnerabilities

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos).<br /> <br /> If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers. <br /> <br /> This issue affects Junos OS: <br /> <br /> All versions before 20.4R3-S10,<br /> <br /> 21.2 versions before 21.2R3-S7,<br /> <br /> 21.4 versions before 21.4R3-S6.

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald)<br /> <br /> of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).<br /> <br /> In an EVPN-VXLAN scenario, when <br /> <br /> state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.<br /> This issue affects:<br /> <br /> Junos OS: <br /> <br /> <br /> <br /> * All versions before 20.4R3-S8,<br /> * 21.2 versions before 21.2R3-S6,<br /> * 21.3 versions before 21.3R3-S5,<br /> * 21.4 versions before 21.4R3-S4,<br /> * 22.1 versions before 22.1R3-S3,<br /> * 22.2 versions before 22.2R3-S1,<br /> * 22.3 versions before 22.3R3,,<br /> * 22.4 versions before 22.4R2;<br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions before 20.4R3-S8-EVO,<br /> * 21.2-EVO versions before 21.2R3-S6-EVO, <br /> * 21.3-EVO<br /> <br /> versions before 21.3R3-S5-EVO,<br /> * 21.4-EVO<br /> <br /> versions before 21.4R3-S4-EVO,<br /> * 22.1-EVO<br /> <br /> versions before 22.1R3-S3-EVO,<br /> * 22.2-EVO<br /> <br /> versions before 22.2R3-S1-EVO,<br /> * 22.3-EVO<br /> <br /> versions before 22.3R3-EVO,<br /> * 22.4-EVO<br /> <br /> versions before 22.4R2-EVO.

A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).<br /> <br /> If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart.<br /> <br /> This issue affects Junos OS:<br /> <br /> <br /> <br /> * All versions before 20.4R3-S9,<br /> * 21.2 versions before 21.2R3-S5, <br /> * 21.3 versions before 21.3R3-S5, <br /> * 21.4 versions before 21.4R3-S4,<br /> * 22.1 versions before 22.1R3-S2,<br /> * 22.2 versions before 22.2R3-S2,<br /> * 22.3 versions before 22.3R2-S2, 22.3R3,<br /> * 22.4 versions before 22.4R2.

<br /> IO-1020 Micro ELD downloads source code or an executable from an <br /> adjacent location and executes the code without sufficiently verifying <br /> the origin or integrity of the code.<br /> <br />

IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.<br /> <br />

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator.<br /> <br /> This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0.<br /> <br /> When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the "solr" and "admin" accounts for use by end-users, and a "k8s-oper" account which the operator uses for its own requests to Solr.<br /> One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr&amp;#39;s health and ability to receive traffic.<br /> By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but users may specifically request that authentication be required on probe endpoints as well.<br /> Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes "event" containing the username and password of the "k8s-oper" account.<br /> <br /> Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`.<br /> <br /> Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests.  Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`.

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.

An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).<br /> <br /> Continued receipt and processing of these specific packets will sustain the Denial of Service condition.<br /> <br /> This issue affects:<br /> Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled.<br /> * All versions earlier than 21.2R3-S7;<br /> * 21.4 versions earlier than 21.4R3-S6;<br /> * 22.1 versions earlier than 22.1R3-S5;<br /> * 22.2 versions earlier than 22.2R3-S3;<br /> * 22.3 versions earlier than 22.3R3-S2;<br /> * 22.4 versions earlier than 22.4R3;<br /> * 23.2 versions earlier than 23.2R2.

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. <br /> <br /> Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. <br /> <br /> This issue affects Juniper Networks JCNR:<br /> * All versions before 23.4.<br /> <br /> <br /> This issue affects Juniper Networks cRPD:<br /> * All versions before 23.4R1.

An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service. <br /> <br /> This issue affects Juniper Networks<br /> <br /> Junos OS:<br /> * from 22.1 before 22.1R1-S2, 22.1R2.<br /> <br /> <br /> Junos OS Evolved: <br /> * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO.

An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter. <br /> <br /> This issue affects only IPv6 firewall filter.<br /> <br /> This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. <br /> <br /> This issue affects Juniper Networks Junos OS:<br /> <br /> * All versions before 20.4R3-S10,<br /> * from 21.2 before 21.2R3-S7,<br /> * from 21.4 before 21.4R3-S6.