A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-04-14
Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious. This issue affects: Juniper Networks Junos OS on EX4650 Series: All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R1.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-04-14
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-03-23
A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and on exhaustion the PFE to reset. The heap memory utilization can be monitored with the command: user@host> show chassis fpc This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions of Junos OS prior to 19.4R1.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-19
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect versions of Junos OS prior to 19.4R1.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-19
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-01-19
A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can be triggered by a specific Session Initiation Protocol (SIP) invite packet if the SIP ALG is enabled. Due to this, the PIC will be rebooted and all traffic that traverses the PIC will be dropped. This issue affects: Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-01-19
A Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). In a scenario where DHCP relay or local server is configured the problem can be triggered if a DHCPv4 packet with specific options is received leading to a corruption of the options read from the packet. This corruption can then lead to jdhcpd crash and restart. This issue affects: Juniper Networks Junos OS 17.4R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2, 21.2R3; 21.3 versions prior to 21.3R1-S1, 21.3R2.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-01-19
An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of the issue occurring may be observed through the following log messages: Sep 13 17:14:59 hostname : %PFE-3: fpc0 (buf alloc) failed allocating packet buffer Sep 13 17:14:59 hostname : %PFE-7: fpc0 brcm_pkt_buf_alloc:393 (buf alloc) failed allocating packet buffer When Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored using the command: user@junos# request pfe execute target fpc0 timeout 30 command "show heap" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 213301a8 536870488 387228840 149641648 27 Kernel 1 91800000 8388608 3735120 4653488 55 DMA 2 92000000 75497472 74452192 1045280 1 PKT DMA DESC 3 d330000 335544320 257091400 78452920 23 Bcm_sdk 4 96800000 184549376 2408 184546968 99 Packet DMA <<<< 5 903fffe0 20971504 20971504 0 0 Blob This issue affects: Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S10, 18.4R3-S10 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.1 versions prior to 19.1R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.3 versions prior to 19.3R3-S5 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.4 versions prior to 19.4R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.1 versions prior to 20.1R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.2 versions prior to 20.2R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.3 versions prior to 20.3R3-S2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.4 versions prior to 20.4R3-S1 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.1 versions prior to 21.1R2-S2, 21.1R3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.2 versions prior to 21.2R1-S2, 21.2R2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.3 versions prior to 21.3R1-S1, 21.3R2 on EX2300 Series, EX2300-MP Series, EX3400 Series.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-19
An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to an FPC reboot and thereby a Denial of Service (DoS). This issue affects: Juniper Networks Junos OS on vMX and MX150: All versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-01-19