Juniper: >> Junos Os Evolved >> 22.1 Security Vulnerabilities
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.
If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.
CVE-2023-44196 is a prerequisite for this issue.
This issue affects Juniper Networks Junos OS Evolved:
* 21.3-EVO versions prior to 21.3R3-S5-EVO;
* 21.4-EVO versions prior to 21.4R3-S4-EVO;
* 22.1-EVO version 22.1R1-EVO and later;
* 22.2-EVO version 22.2R1-EVO and later;
* 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4-EVO versions prior to 22.4R3-EVO.
This issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-13
An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.
When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.
This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.1-EVO version 21.1R1-EVO and later;
* 21.2-EVO versions prior to 21.2R3-S6-EVO;
* 21.3-EVO version 21.3R1-EVO and later;
* 21.4-EVO versions prior to 21.4R3-S3-EVO;
* 22.1-EVO versions prior to 22.1R3-S4-EVO;
* 22.2-EVO versions prior to 22.2R3-S3-EVO;
* 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;
* 22.4-EVO versions prior to 22.4R2-EVO.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-10-13
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS:
* All versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 22.1 versions prior to 22.1R3-S3;
* 22.3 versions prior to 22.3R3;
* 22.4 versions prior to 22.4R3.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-13
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS:
* All versions prior to 19.1R3-S10;
* 19.2 versions prior to 19.2R3-S7;
* 19.3 versions prior to 19.3R3-S8;
* 19.4 versions prior to 19.4R3-S12;
* 20.2 versions prior to 20.2R3-S8;
* 20.4 versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S1;
* 22.3 versions prior to 22.3R3;
* 22.4 versions prior to 22.4R2.
Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.2 versions prior to 21.2R3-S6-EVO;
* 21.3 versions prior to 21.3R3-S5-EVO;
* 21.4 versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S3-EVO;
* 22.2 versions prior to 22.2R3-S1-EVO;
* 22.3 versions prior to 22.3R3-EVO;
* 22.4 versions prior to 22.4R2-EVO.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-13
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS
* All versions prior to 19.1R3-S10;
* 19.2 versions prior to 19.2R3-S7;
* 19.3 versions prior to 19.3R3-S8;
* 19.4 versions prior to 19.4R3-S12;
* 20.2 versions prior to 20.2R3-S8;
* 20.4 versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1;
* 23.2 versions prior to 23.2R2.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-13
An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.
Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.
This issue affects:
Juniper Networks Junos OS
* All versions prior to 20.4R3-S7;
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R3-S2;
* 22.2 versions prior to 22.2R2-S2, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
Juniper Networks Junos OS Evolved
* All versions prior to 21.4R3-S3-EVO;
* 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;
* 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.
CVSS Score
7.3
EPSS Score
0.001
Published
2023-10-13
An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).
This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.
This issue affects:
Juniper Networks Junos OS
* All versions prior to 20.4R3-S8;
* 21.1 version 21.1R1 and later versions;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R3-S2;
* 22.2 versions prior to 22.2R3;
* 22.3 versions prior to 22.3R2-S2;
* 22.4 versions prior to 22.4R2;
Juniper Networks Junos OS Evolved
* All versions prior to 20.4R3-S8-EVO;
* 21.1 version 21.1R1-EVO and later versions;
* 21.2 versions prior to 21.2R3-S5-EVO;
* 21.3 versions prior to 21.3R3-S4-EVO;
* 21.4 versions prior to 21.4R3-S3-EVO;
* 22.1 versions prior to 22.1R3-S2-EVO;
* 22.2 versions prior to 22.2R3-EVO;
* 22.3 versions prior to 22.3R2-S2-EVO;
* 22.4 versions prior to 22.4R1-S1-EVO;
CVSS Score
6.5
EPSS Score
0.0
Published
2023-10-12
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.
This issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016:
* All versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22.1R3-S4-EVO;
* 22.2 versions 22.2R1-EVO and later;
* 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
* 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-10-11
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.
This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series:
* All versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S3-EVO;
* 22.2 version 22.2R1-EVO and later versions;
* 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
* 23.2 versions prior to 23.2R2-EVO.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-10-11
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.
This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.
Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.
This issue affects:
Juniper Networks Junos OS:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1, 22.4R3.
Juniper Networks Junos OS Evolved
* All versions prior to 20.4R3-S8-EVO;
* 21.1 versions 21.1R1-EVO and later;
* 21.2 versions prior to 21.2R3-S6-EVO;
* 21.3 versions prior to 21.3R3-S5-EVO;
* 21.4 versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22.1R3-S4-EVO;
* 22.2 versions prior to 22.2R3-S2-EVO;
* 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-10-11