Vulnerabilidades

*** Pendiente de traducción *** An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).<br /> <br /> An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman&amp;#39;s memory to leak, eventually to cause the FPC crash and restart.<br /> <br /> Continued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition.<br /> <br /> An indicator of compromise is to watch for an increase in cfmman memory rising over time by issuing the following command and evaluating the RSS number. If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.<br /> <br />   user@device&gt; show system processes node fpc detail | match cfmman<br /> <br /> Example: <br /> <br />   show system processes node fpc0 detail | match cfmman <br />   F S UID       PID       PPID PGID   SID   C PRI NI  ADDR SZ    WCHAN   RSS     PSR STIME TTY         TIME     CMD<br />   4 S root      15204     1    15204  15204 0 80  0   - 90802     -      113652   4  Sep25 ?           00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml<br /> This issue affects Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:<br /> <br /> * from 23.2R1-EVO before 23.2R2-S4-EVO, <br /> * from 23.4 before 23.4R2-S4-EVO, <br /> * from 24.2 before 24.2R2-EVO, <br /> * from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.<br /> <br /> <br /> This issue does not affect Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 before 23.2R1-EVO.

*** Pendiente de traducción *** An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system.<br /> <br /> When a device isn&amp;#39;t configured with a root password, an attacker can modify a specific file. It&amp;#39;s contents will be added to the Junos configuration of the device without being visible. This allows for the addition of any configuration unknown <br /> <br /> to the actual operator, which includes users, IP addresses and other configuration which could allow unauthorized access to the device.<br /> This exploit is persistent across reboots and even zeroization.<br /> <br /> The indicator of compromise is a modified /etc/config/-defaults[-flex].conf file. Review that file for unexpected configuration statements, or compare it to an unmodified version which can be extracted from the original Juniper software image file. For details on the extraction procedure please contact Juniper Technical Assistance Center (JTAC).<br /> <br /> To restore the device to a trusted initial configuration the system needs to be reinstalled from physical media. <br /> <br /> This issue affects Junos OS on EX4600 Series and QFX5000 Series:<br /> <br /> <br /> <br /> * All versions before 21.4R3,<br /> * 22.2 versions before 22.2R3-S3.

*** Pendiente de traducción *** An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.<br /> <br /> When an output firewall filter is configured with one or more terms where the action is &amp;#39;reject&amp;#39;, packets matching these terms are erroneously sent to the Routing Engine (RE) and further processed there. Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.<br /> This issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters.<br /> <br /> This issue affects Junos OS Evolved on PTX Series:<br /> <br /> <br /> <br /> * all versions before 22.4R3-EVO,<br /> * 23.2 versions before 23.2R2-EVO.

*** Pendiente de traducción *** BBOT&amp;#39;s unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.

*** Pendiente de traducción *** A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones.<br /> <br /> <br /> <br /> If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker&amp;#39;s uploaded image to VMware NSX instead of a legitimate one.<br /> <br /> <br /> <br /> <br /> <br /> This issue affects Security Director Policy Enforcer:  <br /> <br /> <br /> <br /> * All versions before 23.1R1 Hotpatch v3.<br /> <br /> <br /> This issue does not affect Junos Space Security Director Insights.

*** Pendiente de traducción *** BBOT&amp;#39;s gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL.

*** Pendiente de traducción *** BBOT&amp;#39;s gitdumper module could be abused to execute commands through a malicious git repository.

*** Pendiente de traducción *** BBOT&amp;#39;s git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL.

*** Pendiente de traducción *** A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting arbitrary Javascript into a crafted README.md file.

*** Pendiente de traducción *** Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by placing a malicious executable in the unquoted path.

*** Pendiente de traducción *** Insufficient escaping in the report scheduler within Checkmk

*** Pendiente de traducción *** Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL).