Vulnerabilidades

*** Pendiente de traducción *** An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.

*** Pendiente de traducción *** An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the attacker&amp;#39;s control, to cause rpd to crash and restart, leading to a Denial of Service (DoS).<br /> <br /> With BGP sharding enabled, triggering route resolution of an indirect next-hop (e.g., an IGP route change over which a BGP route gets resolved), may cause rpd to crash and restart. An attacker causing continuous IGP route churn, resulting in repeated route re-resolution, will increase the likelihood of triggering this issue, leading to a potentially extended DoS condition.<br /> <br /> This issue affects:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * all versions before 21.4R3-S6, <br /> * from 22.1 before 22.1R3-S6, <br /> * from 22.2 before 22.2R3-S3, <br /> * from 22.3 before 22.3R3-S3, <br /> * from 22.4 before 22.4R3, <br /> * from 23.2 before 23.2R2; <br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> <br /> * all versions before 22.3R3-S3-EVO, <br /> * from 22.4 before 22.4R3-EVO, <br /> * from 23.2 before 23.2R2-EVO.<br /> <br /> <br /> <br /> <br /> Versions before Junos OS 21.3R1 and Junos OS Evolved 21.3R1-EVO are unaffected by this issue.

*** Pendiente de traducción *** A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).<br /> <br /> When forwarding-options sampling is enabled, receipt of any traffic destined to the Routing Engine (RE) by the PFE line card leads to an FPC crash and restart, resulting in a Denial of Service (DoS). <br /> <br /> Continued receipt and processing of any traffic leading to the RE by the PFE line card will create a sustained Denial of Service (DoS) condition to the PFE line card.<br /> <br /> <br /> This issue affects Junos OS on SRX4700: <br /> <br /> <br /> <br /> * from 24.4 before 24.4R1-S3, 24.4R2<br /> <br /> <br /> This issue affects IPv4 and IPv6.

*** Pendiente de traducción *** A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509 devices allows an unauthenticated, adjacent attacker to cause a <br /> <br /> Denial-of-Service (DoS).<br /> <br /> Whenever specific valid multicast traffic is received on any layer 3 interface the evo-pfemand process crashes and restarts.<br /> <br /> Continued receipt of specific valid multicast traffic results in a sustained Denial of Service (DoS) attack. <br /> This issue affects Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509: <br /> <br /> <br /> <br /> * from 23.2R2-EVO before 23.2R2-S4-EVO, <br /> * from 23.4R1-EVO before 23.4R2-EVO.<br /> <br /> <br /> This issue affects IPv4 and IPv6. <br /> <br /> This issue does not affect Junos OS Evolved ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509 versions before 23.2R2-EVO.

*** Pendiente de traducción *** An Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users&amp;#39; browsers when they access affected pages.This issue affects Juniper Security Director: <br /> <br /> * All versions before 24.1R4.

*** Pendiente de traducción *** A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. <br /> <br /> <br /> <br /> <br /> Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls.<br /> <br /> <br /> <br /> This issue affects Junos Space Security Director <br /> * all versions prior to 24.1R3 Patch V4<br /> <br /> <br /> This issue does not affect managed cSRX Series devices.

*** Pendiente de traducción *** An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specifically, the price calculation logic fails to validate quantity inputs properly.

*** Pendiente de traducción *** A Buffer Copy without Checking Size of Input vulnerability in the <br /> <br /> Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).<br /> <br /> When memory utilization is high, and specific SIP packets are received, flowd/mspmand crashes. While the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attackers control, so they would not be able to deterministically exploit this.<br /> This issue affects Junos OS on SRX Series and MX Series: <br /> <br /> <br /> * All versions before 22.4R3-S7,<br /> * from 23.2 before 23.2R2-S4, <br /> * from 23.4 before 23.4R2-S5, <br /> * from 24.2 before 24.2R2.

*** Pendiente de traducción *** An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).<br /> <br /> An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman&amp;#39;s memory to leak, eventually to cause the FPC crash and restart.<br /> <br /> Continued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition.<br /> <br /> An indicator of compromise is to watch for an increase in cfmman memory rising over time by issuing the following command and evaluating the RSS number. If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.<br /> <br />   user@device&gt; show system processes node fpc detail | match cfmman<br /> <br /> Example: <br /> <br />   show system processes node fpc0 detail | match cfmman <br />   F S UID       PID       PPID PGID   SID   C PRI NI  ADDR SZ    WCHAN   RSS     PSR STIME TTY         TIME     CMD<br />   4 S root      15204     1    15204  15204 0 80  0   - 90802     -      113652   4  Sep25 ?           00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml<br /> This issue affects Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:<br /> <br /> * from 23.2R1-EVO before 23.2R2-S4-EVO, <br /> * from 23.4 before 23.4R2-S4-EVO, <br /> * from 24.2 before 24.2R2-EVO, <br /> * from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.<br /> <br /> <br /> This issue does not affect Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 before 23.2R1-EVO.

*** Pendiente de traducción *** An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system.<br /> <br /> When a device isn&amp;#39;t configured with a root password, an attacker can modify a specific file. It&amp;#39;s contents will be added to the Junos configuration of the device without being visible. This allows for the addition of any configuration unknown <br /> <br /> to the actual operator, which includes users, IP addresses and other configuration which could allow unauthorized access to the device.<br /> This exploit is persistent across reboots and even zeroization.<br /> <br /> The indicator of compromise is a modified /etc/config/-defaults[-flex].conf file. Review that file for unexpected configuration statements, or compare it to an unmodified version which can be extracted from the original Juniper software image file. For details on the extraction procedure please contact Juniper Technical Assistance Center (JTAC).<br /> <br /> To restore the device to a trusted initial configuration the system needs to be reinstalled from physical media. <br /> <br /> This issue affects Junos OS on EX4600 Series and QFX5000 Series:<br /> <br /> <br /> <br /> * All versions before 21.4R3,<br /> * 22.2 versions before 22.2R3-S3.

*** Pendiente de traducción *** An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.<br /> <br /> When an output firewall filter is configured with one or more terms where the action is &amp;#39;reject&amp;#39;, packets matching these terms are erroneously sent to the Routing Engine (RE) and further processed there. Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.<br /> This issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters.<br /> <br /> This issue affects Junos OS Evolved on PTX Series:<br /> <br /> <br /> <br /> * all versions before 22.4R3-EVO,<br /> * 23.2 versions before 23.2R2-EVO.

*** Pendiente de traducción *** BBOT&amp;#39;s unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.