Juniper: >> Srx4120 Security Vulnerabilities
An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS).
An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart.
The following command can be used to monitor the resource usage:
user@host> show system processes extensive | match mgd | count
This issue affects Junos OS on SRX Series and EX Series:
All versions before 21.4R3-S7,
from 22.2 before 22.2R3-S4,
from 22.3 before 22.3R3-S3,
from 22.4 before 22.4R3-S2,
from 23.2 before 23.2R2-S1,
from 23.4 before 23.4R1-S2, 23.4R2.
CVSS Score
8.7
EPSS Score
0.002
Published
2024-10-11
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of protected files on the file system.
Through the execution of crafted CLI commands, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system.
This issue affects Junos OS on SRX Series:
* All versions before 21.4R3-S8,
* 22.2 before 22.2R3-S5,
* 22.3 before 22.3R3-S4,
* 22.4 before 22.4R3-S4,
* 23.2 before 23.2R2-S2,
* 23.4 before 23.4R2.
CVSS Score
6.8
EPSS Score
0.0
Published
2024-10-11
An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).
Continued receipt and processing of these specific packets will sustain the Denial of Service condition.
The memory usage can be monitored using the below command.
user@host> show usp memory segment sha data objcache jsf
This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:
* 20.4 before 20.4R3-S10,
* 21.2 before 21.2R3-S6,
* 21.3 before 21.3R3-S5,
* 21.4 before 21.4R3-S6,
* 22.1 before 22.1R3-S4,
* 22.2 before 22.2R3-S2,
* 22.3 before 22.3R3-S1,
* 22.4 before 22.4R3,
* 23.2 before 23.2R2.
CVSS Score
8.7
EPSS Score
0.005
Published
2024-07-11
An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS).
This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.1 before 22.1R3-S2,
* from 22.2 before 22.2R3-S1,
* from 22.3 before 22.3R2-S1, 22.3R3,
* from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.
CVSS Score
8.7
EPSS Score
0.004
Published
2024-07-11
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.
While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device.
This issue affects Junos OS:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2.
CVSS Score
7.7
EPSS Score
0.006
Published
2024-07-10
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an affected device receives specific valid traffic destined to the device, it will cause the PFE to crash and restart. Continued receipt and processing of this traffic will create a sustained DoS condition.
This issue affects Junos OS on SRX Series:
* 21.4 versions before 21.4R3-S7.9,
* 22.1 versions before 22.1R3-S5.3,
* 22.2 versions before 22.2R3-S4.11,
* 22.3 versions before 22.3R3,
* 22.4 versions before 22.4R3.
This issue affects Junos OS on NFX Series:
* 21.4 versions before 21.4R3-S8,
* 22.1 versions after 22.1R1,
* 22.2 versions before 22.2R3-S5,
* 22.3 versions before 22.3R3,
* 22.4 versions before 22.4R3.
Junos OS versions prior to 21.4R1 are not affected by this issue.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-07-01
Page 3