Juniper: >> Junos Os Evolved >> 22.4 Security Vulnerabilities
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.
This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series:
* All versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S3-EVO;
* 22.2 version 22.2R1-EVO and later versions;
* 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
* 23.2 versions prior to 23.2R2-EVO.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-10-11
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.
This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.
Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.
This issue affects:
Juniper Networks Junos OS:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1, 22.4R3.
Juniper Networks Junos OS Evolved
* All versions prior to 20.4R3-S8-EVO;
* 21.1 versions 21.1R1-EVO and later;
* 21.2 versions prior to 21.2R3-S6-EVO;
* 21.3 versions prior to 21.3R3-S5-EVO;
* 21.4 versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22.1R3-S4-EVO;
* 22.2 versions prior to 22.2R3-S2-EVO;
* 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-10-11
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers.
Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.
Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.This issue affects
Junos OS:
* All versions before 20.4R3-S10,
* from 21.1R1 through 21.*,
* from 21.2 before 21.2R3-S5,
* from 21.3 before 21.3R3-S5,
* from 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6)
* from 22.1 before 22.1R3-S4,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S1,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2.
Junos OS Evolved:
* All versions before 20.4R3-S10-EVO,
* from 21.2-EVO before 21.2R3-S7-EVO,
* from 21.3-EVO before 21.3R3-S5-EVO,
* from 21.4-EVO before 21.4R3-S5-EVO,
* from 22.1-EVO before 22.1R3-S4-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S1-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
CVSS Score
7.5
EPSS Score
0.009
Published
2023-09-01
A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).
The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.
An indication that the system experienced this issue is the following log message:
<date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes
This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:
21.2 version 21.2R1-EVO and later versions;
21.3 version 21.3R1-EVO and later versions;
21.4 versions prior to 21.4R3-S3-EVO;
22.1 version 22.1R1-EVO and later versions;
22.2 versions prior to 22.2R3-S2-EVO;
22.3 versions prior to 22.3R3-EVO;
22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-14
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround.
This issue affects:
Juniper Networks Junos OS
15.1R1 and later versions prior to 20.4R3-S8;
21.1 version 21.1R1 and later versions prior to 21.2R3-S6;
21.3 versions prior to 21.3R3-S5;
21.4 versions prior to 21.4R3-S4;
22.1 versions prior to 22.1R3-S4;
22.2 versions prior to 22.2R3-S2;
22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
22.4 versions prior to 22.4R2-S1, 22.4R3;
23.1 versions prior to 23.1R1-S1, 23.1R2.
Juniper Networks Junos OS Evolved
All versions prior to 20.4R3-S8-EVO;
21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO;
21.3 versions prior to 21.3R3-S5-EVO;
21.4 versions prior to 21.4R3-S4-EVO;
22.1 versions prior to 22.1R3-S4-EVO;
22.2 versions prior to 22.2R3-S2-EVO;
22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-06-21
Page 5