Vulnerabilities

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).<br /> <br /> When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state.<br /> <br /> This issue affects Junos OS:  <br /> <br /> <br /> * 21.2 before 21.2R3-S7,<br /> * 21.4 before 21.4R3-S6, <br /> * 22.1 before 22.1R3-S5, <br /> * 22.2 before 22.2R3-S3,<br /> * 22.3 before 22.3R3-S2,<br /> * 22.4 before 22.4R3,<br /> <br /> * 23.2 before 23.2R1-S2, 23.2R2.

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).<br /> <br /> When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition.<br /> <br /> <br /> This issue affects:<br /> Junos OS:<br /> * All versions earlier than 20.4R3-S10;<br /> * 21.2 versions earlier than 21.2R3-S7;<br /> * 21.4 versions earlier than 21.4R3-S5;<br /> * 22.1 versions earlier than 22.1R3-S4;<br /> * 22.2 versions earlier than 22.2R3-S3;<br /> * 22.3 versions earlier than 22.3R3-S1;<br /> * 22.4 versions earlier than 22.4R3;<br /> * 23.2 versions earlier than 23.2R1-S2, 23.2R2.<br /> <br /> <br /> <br /> Junos OS Evolved:<br /> <br /> * All versions earlier than 21.4R3-S5-EVO;<br /> * 22.1-EVO versions earlier than 22.1R3-S4-EVO;<br /> * 22.2-EVO versions earlier than 22.2R3-S3-EVO;<br /> * 22.3-EVO versions earlier than 22.3R3-S1-EVO;<br /> * 22.4-EVO versions earlier than 22.4R3-EVO;<br /> * 23.2-EVO versions earlier than 23.2R2-EVO.

An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC.<br /> <br /> Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow.<br /> This issue affects Junos OS on MX Series and EX9200-15C:<br /> <br /> <br /> * from 21.2 before 21.2R3-S1, <br /> * from 21.4 before 21.4R3, <br /> * from 22.1 before 22.1R2, <br /> * from 22.2 before 22.2R2; <br /> <br /> <br /> <br /> <br /> This issue does not affect:<br /> <br /> <br /> <br /> * versions of Junos OS prior to 20.3R1;<br /> * any version of Junos OS 20.4.

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).<br /> <br /> On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects:<br /> Junos OS:<br /> <br /> <br /> <br /> * all versions before 21.2R3-S6,<br /> <br /> * from 21.3 before 21.3R3-S5,<br /> <br /> * from 21.4 before 21.4R3-S5,<br /> <br /> * from 22.1 before 22.1R3-S3,<br /> <br /> * from 22.2 before 22.2R3-S1,<br /> <br /> * from 22.3 before 22.3R2-S2, 22.3R3,<br /> <br /> * from 22.4 before 22.4R2-S1, 22.4R3.

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device.<br /> <br /> When an output firewall filter is applied to an interface it doesn&amp;#39;t recognize matching packets but permits any traffic.<br /> This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6.<br /> This issue does not affect Junos OS releases earlier than 21.4R1.

An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane.<br /> <br /> When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn&amp;#39;t consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded.<br /> This issue affects Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions before 21.4R3-S4-EVO,<br /> * 22.1-EVO versions before 22.1R3-S3-EVO,<br /> * 22.2-EVO versions before 22.2R3-S2-EVO, <br /> * 22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO.

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device.<br /> <br /> If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed.<br /> This issue affects Junos OS:<br /> <br /> <br /> <br /> * All versions before 20.4R3-S7,<br /> * 21.1 versions before 21.1R3, <br /> * 21.2 versions before 21.2R2-S1, 21.2R3, <br /> * 21.3 versions before 21.3R1-S2, 21.3R2.

An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).<br /> <br /> If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss.<br /> This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series:<br /> <br /> <br /> <br /> * 20.4 versions from <br /> <br /> 20.4R3-S4<br /> <br /> before 20.4R3-S8,<br /> * 21.2 versions from <br /> <br /> 21.2R3-S2<br /> <br /> before 21.2R3-S6,<br /> * 21.4 versions from <br /> <br /> 21.4R2<br /> <br /> before 21.4R3-S4,<br /> <br /> * 22.1 versions from<br /> <br /> 22.1R2<br /> <br /> before 22.1R3-S3,<br /> * 22.2 versions before 22.2R3-S1,<br /> * 22.3 versions before 22.3R2-S2, 22.3R3,<br /> * 22.4 versions before 22.4R2-S1, 22.4R3.

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).<br /> <br /> This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).<br /> This issue affects:<br /> Junos OS: <br /> <br /> <br /> * all versions before 20.4R3-S10, <br /> * from 21.2 before 21.2R3-S8,<br /> * from 21.3 before 21.3R3, <br /> * from 21.4 before 21.4R3, <br /> * from 22.1 before 22.1R2;<br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> * all versions before 21.2R3-S8-EVO,<br /> * from 21.3 before 21.3R3-EVO, <br /> * from 21.4 before 21.4R3-EVO, <br /> * from 22.1 before 22.1R2-EVO.

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos).<br /> <br /> If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers. <br /> <br /> This issue affects Junos OS: <br /> <br /> All versions before 20.4R3-S10,<br /> <br /> 21.2 versions before 21.2R3-S7,<br /> <br /> 21.4 versions before 21.4R3-S6.

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald)<br /> <br /> of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).<br /> <br /> In an EVPN-VXLAN scenario, when <br /> <br /> state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.<br /> This issue affects:<br /> <br /> Junos OS: <br /> <br /> <br /> <br /> * All versions before 20.4R3-S8,<br /> * 21.2 versions before 21.2R3-S6,<br /> * 21.3 versions before 21.3R3-S5,<br /> * 21.4 versions before 21.4R3-S4,<br /> * 22.1 versions before 22.1R3-S3,<br /> * 22.2 versions before 22.2R3-S1,<br /> * 22.3 versions before 22.3R3,,<br /> * 22.4 versions before 22.4R2;<br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions before 20.4R3-S8-EVO,<br /> * 21.2-EVO versions before 21.2R3-S6-EVO, <br /> * 21.3-EVO<br /> <br /> versions before 21.3R3-S5-EVO,<br /> * 21.4-EVO<br /> <br /> versions before 21.4R3-S4-EVO,<br /> * 22.1-EVO<br /> <br /> versions before 22.1R3-S3-EVO,<br /> * 22.2-EVO<br /> <br /> versions before 22.2R3-S1-EVO,<br /> * 22.3-EVO<br /> <br /> versions before 22.3R3-EVO,<br /> * 22.4-EVO<br /> <br /> versions before 22.4R2-EVO.

A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).<br /> <br /> If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart.<br /> <br /> This issue affects Junos OS:<br /> <br /> <br /> <br /> * All versions before 20.4R3-S9,<br /> * 21.2 versions before 21.2R3-S5, <br /> * 21.3 versions before 21.3R3-S5, <br /> * 21.4 versions before 21.4R3-S4,<br /> * 22.1 versions before 22.1R3-S2,<br /> * 22.2 versions before 22.2R3-S2,<br /> * 22.3 versions before 22.3R2-S2, 22.3R3,<br /> * 22.4 versions before 22.4R2.