Vulnerabilities

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device.<br /> <br /> If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed.<br /> This issue affects Junos OS:<br /> <br /> <br /> <br /> * All versions before 20.4R3-S7,<br /> * 21.1 versions before 21.1R3, <br /> * 21.2 versions before 21.2R2-S1, 21.2R3, <br /> * 21.3 versions before 21.3R1-S2, 21.3R2.

An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).<br /> <br /> If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss.<br /> This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series:<br /> <br /> <br /> <br /> * 20.4 versions from <br /> <br /> 20.4R3-S4<br /> <br /> before 20.4R3-S8,<br /> * 21.2 versions from <br /> <br /> 21.2R3-S2<br /> <br /> before 21.2R3-S6,<br /> * 21.4 versions from <br /> <br /> 21.4R2<br /> <br /> before 21.4R3-S4,<br /> <br /> * 22.1 versions from<br /> <br /> 22.1R2<br /> <br /> before 22.1R3-S3,<br /> * 22.2 versions before 22.2R3-S1,<br /> * 22.3 versions before 22.3R2-S2, 22.3R3,<br /> * 22.4 versions before 22.4R2-S1, 22.4R3.

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).<br /> <br /> This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).<br /> This issue affects:<br /> Junos OS: <br /> <br /> <br /> * all versions before 20.4R3-S10, <br /> * from 21.2 before 21.2R3-S8,<br /> * from 21.3 before 21.3R3, <br /> * from 21.4 before 21.4R3, <br /> * from 22.1 before 22.1R2;<br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> * all versions before 21.2R3-S8-EVO,<br /> * from 21.3 before 21.3R3-EVO, <br /> * from 21.4 before 21.4R3-EVO, <br /> * from 22.1 before 22.1R2-EVO.

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos).<br /> <br /> If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers. <br /> <br /> This issue affects Junos OS: <br /> <br /> All versions before 20.4R3-S10,<br /> <br /> 21.2 versions before 21.2R3-S7,<br /> <br /> 21.4 versions before 21.4R3-S6.

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald)<br /> <br /> of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).<br /> <br /> In an EVPN-VXLAN scenario, when <br /> <br /> state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.<br /> This issue affects:<br /> <br /> Junos OS: <br /> <br /> <br /> <br /> * All versions before 20.4R3-S8,<br /> * 21.2 versions before 21.2R3-S6,<br /> * 21.3 versions before 21.3R3-S5,<br /> * 21.4 versions before 21.4R3-S4,<br /> * 22.1 versions before 22.1R3-S3,<br /> * 22.2 versions before 22.2R3-S1,<br /> * 22.3 versions before 22.3R3,,<br /> * 22.4 versions before 22.4R2;<br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions before 20.4R3-S8-EVO,<br /> * 21.2-EVO versions before 21.2R3-S6-EVO, <br /> * 21.3-EVO<br /> <br /> versions before 21.3R3-S5-EVO,<br /> * 21.4-EVO<br /> <br /> versions before 21.4R3-S4-EVO,<br /> * 22.1-EVO<br /> <br /> versions before 22.1R3-S3-EVO,<br /> * 22.2-EVO<br /> <br /> versions before 22.2R3-S1-EVO,<br /> * 22.3-EVO<br /> <br /> versions before 22.3R3-EVO,<br /> * 22.4-EVO<br /> <br /> versions before 22.4R2-EVO.

A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).<br /> <br /> If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart.<br /> <br /> This issue affects Junos OS:<br /> <br /> <br /> <br /> * All versions before 20.4R3-S9,<br /> * 21.2 versions before 21.2R3-S5, <br /> * 21.3 versions before 21.3R3-S5, <br /> * 21.4 versions before 21.4R3-S4,<br /> * 22.1 versions before 22.1R3-S2,<br /> * 22.2 versions before 22.2R3-S2,<br /> * 22.3 versions before 22.3R2-S2, 22.3R3,<br /> * 22.4 versions before 22.4R2.

<br /> IO-1020 Micro ELD downloads source code or an executable from an <br /> adjacent location and executes the code without sufficiently verifying <br /> the origin or integrity of the code.<br /> <br />

IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.<br /> <br />

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator.<br /> <br /> This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0.<br /> <br /> When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the "solr" and "admin" accounts for use by end-users, and a "k8s-oper" account which the operator uses for its own requests to Solr.<br /> One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr&amp;#39;s health and ability to receive traffic.<br /> By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but users may specifically request that authentication be required on probe endpoints as well.<br /> Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes "event" containing the username and password of the "k8s-oper" account.<br /> <br /> Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`.<br /> <br /> Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests.  Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`.

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.

An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).<br /> <br /> Continued receipt and processing of these specific packets will sustain the Denial of Service condition.<br /> <br /> This issue affects:<br /> Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled.<br /> * All versions earlier than 21.2R3-S7;<br /> * 21.4 versions earlier than 21.4R3-S6;<br /> * 22.1 versions earlier than 22.1R3-S5;<br /> * 22.2 versions earlier than 22.2R3-S3;<br /> * 22.3 versions earlier than 22.3R3-S2;<br /> * 22.4 versions earlier than 22.4R3;<br /> * 23.2 versions earlier than 23.2R2.