An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and if the FTI tunnel is down, these will hit the reject NH, due to which the packets get sent to the CPU and cause a host path wedge condition. This will cause the FPC to hang and requires a manual restart to recover.
Please note that this issue specifically affects PTX1000, PTX3000, PTX5000 with FPC3, PTX10002-60C, and PTX10008/16 with LC110x. Other PTX Series devices and Line Cards (LC) are not affected.
The following log message can be seen when the issue occurs:
Cmerror Op Set: Host Loopback: HOST LOOPBACK WEDGE DETECTED IN PATH ID <id> (URI: /fpc/<fpc>/pfe/<pfe>/cm/<cm>/Host_Loopback/<cm>/HOST_LOOPBACK_MAKE_CMERROR_ID[<id>])
This issue affects Juniper Networks Junos OS:
* All versions earlier than 20.4R3-S8;
* 21.1 versions earlier than 21.1R3-S4;
* 21.2 versions earlier than 21.2R3-S6;
* 21.3 versions earlier than 21.3R3-S3;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R2-S2, 22.1R3;
* 22.2 versions earlier than 22.2R2-S1, 22.2R3.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-01-12
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS).
On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash.
The NSD process has to be restarted to restore services.
If this issue occurs, it can be checked with the following command:
user@host> request security policies check
The following log message can also be observed:
Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>.
This issue affects:
Juniper Networks Junos OS on SRX 5000 Series
* All versions earlier than 20.4R3-S6;
* 21.1 versions earlier than 21.1R3-S5;
* 21.2 versions earlier than 21.2R3-S4;
* 21.3 versions earlier than 21.3R3-S3;
* 21.4 versions earlier than 21.4R3-S3;
* 22.1 versions earlier than 22.1R3-S1;
* 22.2 versions earlier than 22.2R3;
* 22.3 versions earlier than 22.3R2.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-01-12
An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.
Continued receipt of this packet will cause a sustained Denial of Service condition.
This issue affects:
* Juniper Networks Junos OS:
* All versions prior to 20.4R3-S6;
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S3;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R2-S2, 22.1R3;
* 22.2 versions prior to 22.2R2-S1, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S6-EVO;
* 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO;
* 21.3-EVO versions prior to 21.3R3-S3-EVO;
* 21.4-EVO versions prior to 21.4R3-S3-EVO;
* 22.1-EVO versions prior to 22.1R3-EVO;
* 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;
* 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-13
An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections.
This issue affects:
Juniper Networks Junos OS on QFX5000 Series and EX4000 Series
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S1;
* 22.3 versions prior to 22.3R2-S2, 22.3R3;
* 22.4 versions prior to 22.4R2.
This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-13
An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS).
On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause memory leak to reach 99% and then cause the protocols to stop working and traffic is impacted, leading to Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak.
To confirm the memory leak, monitor for "sheaf:possible leak" and "vtep not found" messages in the logs.
This issue affects:
Juniper Networks Junos OS QFX5000 Series:
* All versions prior to 20.4R3-S6;
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R3-S2;
* 22.2 versions prior to 22.2R2-S2, 22.2R3;
* 22.3 versions prior to 22.3R2-S1, 22.3R3;
* 22.4 versions prior to 22.4R1-S2, 22.4R2.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-13
An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).
On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.
This issue affects:
Juniper Networks Junos OS on MX Series:
* All versions prior to 20.4R3-S7;
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R3-S1;
* 22.2 versions prior to 22.2R2-S1, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-10-13
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges.
This issue affects Juniper Networks Junos OS:
* All versions prior to 20.4R3-S5;
* 21.1 versions prior to 21.1R3-S4;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S3;
* 21.4 versions prior to 21.4R3-S1.
CVSS Score
8.4
EPSS Score
0.0
Published
2023-10-13
An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes.
This issue affects Juniper Networks Junos OS:
* All versions prior to 20.4R3-S8;
* 21.1 version 21.1R1 and later versions;
* 21.2 versions prior to 21.2R3-S2;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R2-S1, 21.4R3-S5.
This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.1-EVO version 21.1R1-EVO and later versions;
* 21.2-EVO versions prior to 21.2R3-S2-EVO;
* 21.3-EVO version 21.3R1-EVO and later versions;
* 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-13
An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks.
If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid.
This issue affects Juniper Networks Junos OS on SRX Series and MX Series:
* 20.4 versions prior to 20.4R3-S5;
* 21.1 versions prior to 21.1R3-S4;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S3;
* 21.4 versions prior to 21.4R3-S2;
* 22.1 versions prior to 22.1R2-S2, 22.1R3;
* 22.2 versions prior to 22.2R2-S1, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
This issue doesn't not affected releases prior to 20.4R1.
CVSS Score
5.8
EPSS Score
0.001
Published
2023-10-13
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart.
This issue affects Juniper Networks Junos OS on MX Series:
* All versions prior to 20.4R3-S4;
* 21.1 version 21.1R1 and later versions;
* 21.2 versions prior to 21.2R3-S2;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3;
* 22.1 versions prior to 22.1R3;
* 22.2 versions prior to 22.2R1-S1, 22.2R2.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-13