Vulnerabilities

An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).<br /> <br /> If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.<br /> This issue affects:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * all versions before 21.2R3-S7, <br /> <br /> * from 21.3 before 21.3R3-S5, <br /> <br /> * from 21.4 before 21.4R3-S5, <br /> <br /> * from 22.1 before 22.1R3-S5, <br /> <br /> * from 22.2 before 22.2R3-S3, <br /> <br /> * from 22.3 before 22.3R3-S2, <br /> <br /> * from 22.4 before 22.4R3, <br /> <br /> * from 23.2 before 23.2R1-S2, 23.2R2.<br /> <br /> <br /> <br /> <br /> <br /> Junos OS Evolved:<br /> <br /> <br /> <br /> * all versions before 21.2R3-S7-EVO, <br /> <br /> * from 21.3-EVO before 21.3R3-S5-EVO, <br /> <br /> * from 21.4-EVO before 21.4R3-S5-EVO, <br /> * from 22.2-EVO before 22.2R3-S3-EVO, <br /> <br /> * from 22.3-EVO before 22.3R3-S2-EVO, <br /> <br /> * from 22.4-EVO before 22.4R3-EVO, <br /> <br /> * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.<br /> <br /> <br /> <br /> This is a related but separate issue than the one described in JSA75739

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices.<br /> <br /> The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center.<br /> <br /> <br /> <br /> <br /> This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.

An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).<br /> <br /> If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.<br /> <br /> This issue affects Juniper Networks<br /> Junos OS:<br /> * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;<br /> * 21.2 versions earlier than 21.2R3-S7;<br /> * 21.3 versions earlier than 21.3R3-S5;<br /> * 21.4 versions earlier than 21.4R3-S5;<br /> * 22.1 versions earlier than 22.1R3-S4;<br /> * 22.2 versions earlier than 22.2R3-S3;<br /> * 22.3 versions earlier than 22.3R3-S1;<br /> * 22.4 versions earlier than 22.4R3;<br /> * 23.2 versions earlier than 23.2R1-S2, 23.2R2;<br /> <br /> <br /> <br /> Junos OS Evolved:<br /> * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;<br /> * 21.2-EVO versions earlier than 21.2R3-S7-EVO;<br /> * 21.3-EVO versions earlier than 21.3R3-S5-EVO;<br /> * 21.4-EVO versions earlier than 21.4R3-S5-EVO;<br /> * 22.1-EVO versions earlier than 22.1R3-S4-EVO;<br /> * 22.2-EVO versions earlier than 22.2R3-S3-EVO;<br /> * 22.3-EVO versions earlier than 22.3R3-S1-EVO;<br /> * 22.4-EVO versions earlier than 22.4R3-EVO;<br /> * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;<br /> <br /> <br /> <br /> This issue does not affect Juniper Networks<br /> * Junos OS versions earlier than 20.4R1;<br /> * Junos OS Evolved versions earlier than 20.4R1-EVO.<br /> <br /> <br /> <br /> This is a related but separate issue than the one described in JSA79095.

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).<br /> <br /> <br /> <br /> Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device.<br /> <br /> <br /> <br /> This issue affects Juniper Networks Junos OS:<br /> * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6;<br /> * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4;<br /> * 22.2 version <br /> <br /> 22.2R2<br /> <br /> and later versions earlier than 22.2R3-S2;<br /> * 22.3 version <br /> <br /> 22.3R2 <br /> <br /> and later versions earlier than 22.3R3-S1;<br /> <br /> * 22.4 versions earlier than 22.4R2-S2, 22.4R3;<br /> * 23.2 versions earlier than 23.2R1-S1, 23.2R2.<br /> <br /> <br /> <br /> <br /> This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4.

A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS).<br /> <br /> If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart.<br /> <br /> The iked process memory consumption can be checked using the below command:<br />   user@host&gt; show system processes extensive | grep iked<br />           PID USERNAME   PRI NICE   SIZE   RES   STATE   C TIME WCPU COMMAND<br />           56903 root       31   0     4016M 2543M CPU0   0 2:10 10.50% iked<br /> <br /> This issue affects Juniper Networks Junos OS:<br /> * All versions earlier than 20.4R3-S9;<br /> * 21.2 versions earlier than 21.2R3-S7;<br /> * 21.3 versions earlier than 21.3R3-S5;<br /> * 21.4 versions earlier than 21.4R3-S4;<br /> * 22.1 versions earlier than 22.1R3-S3;<br /> * 22.2 versions earlier than 22.2R3-S2;<br /> * 22.3 versions earlier than 22.3R3;<br /> * 22.4 versions earlier than 22.4R3;<br /> * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).<br /> <br /> In a scaled CoS scenario with 1000s of interfaces, when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached, new sessions can&amp;#39;t be established anymore. A similar behavior will be seen for telnet etc.<br /> <br /> Stuck mgd processes can be monitored by executing the following command:<br /> <br />   user@host&gt; show system processes extensive | match mgd | match sbwait<br /> <br /> This issue affects Juniper Networks Junos OS:<br /> * All versions earlier than 20.4R3-S9;<br /> * 21.2 versions earlier than 21.2R3-S7;<br /> * 21.3 versions earlier than 21.3R3-S5;<br /> * 21.4 versions earlier than 21.4R3-S5;<br /> * 22.1 versions earlier than 22.1R3-S4;<br /> * 22.2 versions earlier than 22.2R3-S3;<br /> * 22.3 versions earlier than 22.3R3-S2;<br /> * 22.4 versions earlier than 22.4R3;<br /> * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).<br /> <br /> If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.<br /> <br /> Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.<br /> <br /> This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.<br /> <br /> This issue affects:<br /> Juniper Networks Junos OS<br /> 21.4 versions from 21.4R3 earlier than 21.4R3-S5;<br /> 22.2 versions from 22.2R2 earlier than 22.2R3-S2;<br /> 22.3 versions from 22.3R1 earlier than 22.3R2-S2;<br /> 22.3 versions from 22.3R3 earlier than 22.3R3-S1<br /> 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;<br /> 23.2 versions earlier than 23.2R1-S1, 23.2R2.

An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). <br /> <br /> When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects Juniper Networks Junos OS:<br /> <br /> * All versions before 21.2R3-S8-EVO;<br /> * from 21.4-EVO before 21.4R3-S6-EVO;<br /> * from 22.2-EVO before 22.2R3-S4-EVO;<br /> * from 22.3-EVO before 22.3R3-S3-EVO;<br /> * from 22.4-EVO before 22.4R3-EVO;<br /> * from 23.2-EVO before 23.2R2-EVO.<br /> * from 23.4-EVO before 23.4R1-S1-EVO.

Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4.

Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8.

Missing Authorization vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.0.0.

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.