Vulnerabilities

<br /> A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.<br /> <br /> Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects Juniper Networks:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 22.1 versions prior to 22.1R3-S3;<br /> * 22.3 versions prior to 22.3R3;<br /> * 22.4 versions prior to 22.4R3.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.<br /> <br /> Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects Juniper Networks:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * All versions prior to 19.1R3-S10;<br /> * 19.2 versions prior to 19.2R3-S7;<br /> * 19.3 versions prior to 19.3R3-S8;<br /> * 19.4 versions prior to 19.4R3-S12;<br /> * 20.2 versions prior to 20.2R3-S8;<br /> * 20.4 versions prior to 20.4R3-S8;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S4;<br /> * 22.1 versions prior to 22.1R3-S3;<br /> * 22.2 versions prior to 22.2R3-S1;<br /> * 22.3 versions prior to 22.3R3;<br /> * 22.4 versions prior to 22.4R2.<br /> <br /> <br /> <br /> <br /> Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8-EVO;<br /> * 21.2 versions prior to 21.2R3-S6-EVO;<br /> * 21.3 versions prior to 21.3R3-S5-EVO;<br /> * 21.4 versions prior to 21.4R3-S4-EVO;<br /> * 22.1 versions prior to 22.1R3-S3-EVO;<br /> * 22.2 versions prior to 22.2R3-S1-EVO;<br /> * 22.3 versions prior to 22.3R3-EVO;<br /> * 22.4 versions prior to 22.4R2-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.<br /> <br /> Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects Juniper Networks:<br /> <br /> Junos OS<br /> <br /> <br /> <br /> * All versions prior to 19.1R3-S10;<br /> * 19.2 versions prior to 19.2R3-S7;<br /> * 19.3 versions prior to 19.3R3-S8;<br /> * 19.4 versions prior to 19.4R3-S12;<br /> * 20.2 versions prior to 20.2R3-S8;<br /> * 20.4 versions prior to 20.4R3-S8;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S5;<br /> * 22.1 versions prior to 22.1R3-S3;<br /> * 22.2 versions prior to 22.2R3-S2;<br /> * 22.3 versions prior to 22.3R3-S1;<br /> * 22.4 versions prior to 22.4R2-S1;<br /> * 23.2 versions prior to 23.2R2.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog.<br /> <br /> This issue is triggered when Storm control is enabled and ICMPv6 packets are present on device.<br /> <br /> This issue affects Juniper Networks:<br /> <br /> Junos OS<br /> <br /> <br /> <br /> * All versions prior to 20.2R3-S6 on QFX5k;<br /> * 20.3 versions prior to 20.3R3-S5 on QFX5k;<br /> * 20.4 versions prior to 20.4R3-S5 on QFX5k;<br /> * 21.1 versions prior to 21.1R3-S4 on QFX5k;<br /> * 21.2 versions prior to 21.2R3-S3 on QFX5k;<br /> * 21.3 versions prior to 21.3R3-S2 on QFX5k;<br /> * 21.4 versions prior to 21.4R3 on QFX5k;<br /> * 22.1 versions prior to 22.1R3 on QFX5k;<br /> * 22.2 versions prior to 22.2R2 on QFX5k.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.<br /> <br /> Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.<br /> <br /> This issue affects:<br /> <br /> Juniper Networks Junos OS<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S7;<br /> * 21.1 versions prior to 21.1R3-S5;<br /> * 21.2 versions prior to 21.2R3-S5;<br /> * 21.3 versions prior to 21.3R3-S4;<br /> * 21.4 versions prior to 21.4R3-S3;<br /> * 22.1 versions prior to 22.1R3-S2;<br /> * 22.2 versions prior to 22.2R2-S2, 22.2R3;<br /> * 22.3 versions prior to 22.3R1-S2, 22.3R2.<br /> <br /> <br /> <br /> <br /> Juniper Networks Junos OS Evolved<br /> <br /> <br /> <br /> * All versions prior to 21.4R3-S3-EVO;<br /> * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;<br /> * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur.<br /> <br /> An indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing.<br /> <br /> Use the following command to determine if FPC0 has gone missing from the device.<br /> <br /> show chassis fpc detail<br /> This issue affects:<br /> <br /> Juniper Networks Junos OS on QFX5000 Series, EX4600 Series:<br /> <br /> <br /> <br /> * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8;<br /> * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S4;<br /> * 22.1 versions prior to 22.1R3-S3;<br /> * 22.2 versions prior to 22.2R3-S1;<br /> * 22.3 versions prior to 22.3R2-S2, 22.3R3;<br /> * 22.4 versions prior to 22.4R2.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS).<br /> <br /> Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device.<br /> <br /> This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’).<br /> <br /> This issue affects Juniper Networks Junos OS:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8, 20.4R3-S9;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S5;<br /> * 22.1 versions prior to 22.1R3-S4;<br /> * 22.2 versions prior to 22.2R3-S2;<br /> * 22.3 versions prior to 22.3R2-S2, 22.3R3;<br /> * 22.4 versions prior to 22.4R2-S1, 22.4R3;<br /> <br /> <br /> <br /> <br /> <br /> <br />

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results.

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application&amp;#39;s backend database server.

An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information.

<br /> A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).<br /> <br /> Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.<br /> <br /> Note: This issue is not noticed when all the devices in the network are Juniper devices.<br /> <br /> This issue affects Juniper Networks:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S7;<br /> * 21.2 versions prior to 21.2R3-S5;<br /> * 21.3 versions prior to 21.3R3-S4;<br /> * 21.4 versions prior to 21.4R3-S4;<br /> * 22.1 versions prior to 22.1R3-S4;<br /> * 22.2 versions prior to 22.2R3;<br /> * 22.3 versions prior to 22.3R3;<br /> * 22.4 versions prior to 22.4R3.<br /> <br /> <br /> <br /> <br /> Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions prior to 22.3R3-EVO;<br /> * 22.4-EVO versions prior to 22.4R3-EVO;<br /> * 23.2-EVO versions prior to 23.2R1-EVO.<br /> <br /> <br /> <br /> <br /> <br /> <br />

<br /> A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).<br /> <br /> PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc".<br /> <br /> The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.<br /> <br /> expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw<br /> expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware<br /> expr_dfw_base_hw_add:52 Failed to add h/w sfm data.<br /> expr_dfw_base_hw_create:114 Failed to add h/w data.<br /> expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__<br /> expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0<br /> expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!<br /> expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure<br /> expr_dfw_bp_topo_handler:1102 Failed to program fnum.<br /> expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.<br /> This issue affects Juniper Networks Junos OS:<br /> <br /> on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S5;<br /> * 21.1 versions prior to 21.1R3-S4;<br /> * 21.2 versions prior to 21.2R3-S2;<br /> * 21.3 versions prior to 21.3R3;<br /> * 21.4 versions prior to 21.4R2-S2, 21.4R3;<br /> * 22.1 versions prior to 22.1R1-S2, 22.1R2.<br /> <br /> <br /> <br /> <br /> on PTX3000, PTX5000, QFX10000:<br /> <br /> <br /> <br /> * All versions prior to 20.4R3-S8;<br /> * 21.1 version 21.1R1 and later versions;<br /> * 21.2 versions prior to 21.2R3-S6;<br /> * 21.3 versions prior to 21.3R3-S5;<br /> * 21.4 versions prior to 21.4R3-S4;<br /> * 22.1 versions prior to 22.1R3-S3<br /> * 22.2 versions prior to 22.2R3-S1<br /> * 22.3 versions prior to 22.3R2-S2, 22.3R3<br /> * 22.4 versions prior to 22.4R2.<br /> <br /> <br /> <br /> <br /> <br /> <br />