| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the input fields in Model Devices that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. |
| An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS).
After continuously flooding the system with inbound connection requests, all available file handles become consumed, blocking access to the system via SSH and the web user interface (WebUI), resulting in a management interface DoS. A manual reboot of the system is required to restore functionality.
This issue affects Junos Space:
* all versions before 22.2R1 Patch V3,
* from 23.1 before 23.1R1 Patch V3. |
| A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface.
Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls.
This issue affects Junos Space Security Director
* all versions prior to 24.1R3 Patch V4
This issue does not affect managed cSRX Series devices. |
| An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system.
When a device isn't configured with a root password, an attacker can modify a specific file. It's contents will be added to the Junos configuration of the device without being visible. This allows for the addition of any configuration unknown
to the actual operator, which includes users, IP addresses and other configuration which could allow unauthorized access to the device.
This exploit is persistent across reboots and even zeroization.
The indicator of compromise is a modified /etc/config/<platform>-defaults[-flex].conf file. Review that file for unexpected configuration statements, or compare it to an unmodified version which can be extracted from the original Juniper software image file. For details on the extraction procedure please contact Juniper Technical Assistance Center (JTAC).
To restore the device to a trusted initial configuration the system needs to be reinstalled from physical media.
This issue affects Junos OS on EX4600 Series and QFX5000 Series:
* All versions before 21.4R3,
* 22.2 versions before 22.2R3-S3. |
| A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones.
If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of a legitimate one.
This issue affects Security Director Policy Enforcer:
* All versions before 23.1R1 Hotpatch v3.
This issue does not affect Junos Space Security Director Insights. |
| An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman's memory to leak, eventually to cause the FPC crash and restart.
Continued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition.
An indicator of compromise is to watch for an increase in cfmman memory rising over time by issuing the following command and evaluating the RSS number. If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.
user@device> show system processes node fpc<num> detail | match cfmman
Example:
show system processes node fpc0 detail | match cfmman
F S UID PID PPID PGID SID C PRI NI ADDR SZ WCHAN RSS PSR STIME TTY TIME CMD
4 S root 15204 1 15204 15204 0 80 0 - 90802 - 113652 4 Sep25 ? 00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml
This issue affects Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:
* from 23.2R1-EVO before 23.2R2-S4-EVO,
* from 23.4 before 23.4R2-S4-EVO,
* from 24.2 before 24.2R2-EVO,
* from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.
This issue does not affect Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 before 23.2R1-EVO. |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4. |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Secure Console page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4. |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Discovery page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4. |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Management pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4. |
| A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS).
Memory can only be recovered by manually restarting rtlogd process.
The memory usage can be monitored using the below command.
user@host> show system processes extensive | match rtlog
This issue affects Junos OS on MX Series with SPC3 line card:
* from 21.2R3 before 21.2R3-S8,
* from 21.4R2 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3-S1,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R2. |
| A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system.
This issue affects Junos OS Evolved:
* All versions prior to 21.2R3-S8-EVO,
* 21.4 versions prior to 21.4R3-S6-EVO,
* 22.1 versions prior to 22.1R3-S5-EVO,
* 22.2 versions prior to 22.2R3-S3-EVO,
* 22.3 versions prior to 22.3R3-S3-EVO,
* 22.4 versions prior to 22.4R3-EVO,
* 23.2 versions prior to 23.2R2-EVO. |
| An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive.
Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition.
This issue affects Junos OS:
* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S1, 24.2R2.
An indicator of compromise is to review the CPU % of the httpd process in the CLI:
e.g.
show system processes extensive | match httpd PID nobody 52 0 20M 191M select 2 0:01 80.00% httpd{httpd} <<<<< the percentage of httpd usage if high may be an indicator |
| An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).
This issue can occur in two scenarios:
1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.)
2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. Please note that the CVSS score is for the formally more severe issue 1.
The CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
This issue affects Junos OS:
* All versions before 21.2R3-S4,
* 21.4 versions before 21.4R2,
* 22.2 versions before 22.2R3-S2;
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.4 versions before 21.4R2-EVO. |
| A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information.
When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information.
This issue affects Juniper Networks Junos OS on SRX Series and EX Series:
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S6;
* 22.1 versions earlier than 22.1R3-S5;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S2;
* 22.4 versions earlier than 22.4R3;
* 23.2 versions earlier than 23.2R1-S2, 23.2R2.
|
|
An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS).
On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services.
Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.
The memory usage can be monitored using the below commands.
user@host> show chassis routing-engine no-forwarding
user@host> show system memory | no-more
This issue affects:
Juniper Networks Junos OS
* 21.2 versions earlier than 21.2R3-S5;
* 21.3 versions earlier than 21.3R3-S4;
* 21.4 versions earlier than 21.4R3-S4;
* 22.1 versions earlier than 22.1R3-S2;
* 22.2 versions earlier than 22.2R3-S2;
* 22.3 versions earlier than 22.3R2-S1, 22.3R3;
* 22.4 versions earlier than 22.4R1-S2, 22.4R2.
This issue does not affect Junos OS versions earlier than 20.4R3-S7.
|
|
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS
* 22.2 versions earlier than 22.2R2-S2, 22.2R3;
* 22.3 versions earlier than 22.3R2, 22.3R3.
Juniper Networks Junos OS Evolved
* 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO;
* 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO.
This issue does not affect Juniper Networks:
Junos OS versions earlier than 22.2R1;
Junos OS Evolved versions earlier than 22.2R1-EVO.
|
|
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart.
The memory usage can be monitored using the below command.
user@host> show task memory detail | match patroot
This issue affects:
Juniper Networks Junos OS
* All versions earlier than 21.2R3-S3;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S3;
* 22.1 versions earlier than 22.1R3;
* 22.2 versions earlier than 22.2R3.
Juniper Networks Junos OS Evolved
* All versions earlier than 21.3R3-S5-EVO;
* 21.4 versions earlier than 21.4R3-EVO;
* 22.1 versions earlier than 22.1R3-EVO;
* 22.2 versions earlier than 22.2R3-EVO.
|
|
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS Evolved
* All versions earlier than 21.2R3-S7-EVO;
* 21.3 versions earlier than 21.3R3-S5-EVO ;
* 21.4 versions earlier than 21.4R3-S5-EVO;
* 22.1 versions earlier than 22.1R3-S4-EVO;
* 22.2 versions earlier than 22.2R3-S3-EVO ;
* 22.3 versions earlier than 22.3R3-EVO;
* 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.
|
