CVE-2023-36851
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to
webauth_operation.php
that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of
integrity or confidentiality, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
*
21.2 versions prior to 21.2R3-S8;
* 21.4
versions prior to
21.4R3-S6;
* 22.1
versions prior to
22.1R3-S5;
* 22.2
versions prior to
22.2R3-S3;
* 22.3
versions prior to
22.3R3-S2;
* 22.4 versions prior to 22,4R2-S2, 22.4R3;
* 23.2 versions prior to
23.2R1-S2, 23.2R2.
Known exploited
CVSS Score
5.3
EPSS Score
0.105
Published
2023-09-27
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers.
Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.
Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.This issue affects
Junos OS:
* All versions before 20.4R3-S10,
* from 21.1R1 through 21.*,
* from 21.2 before 21.2R3-S5,
* from 21.3 before 21.3R3-S5,
* from 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6)
* from 22.1 before 22.1R3-S4,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S1,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2.
Junos OS Evolved:
* All versions before 20.4R3-S10-EVO,
* from 21.2-EVO before 21.2R3-S7-EVO,
* from 21.3-EVO before 21.3R3-S5-EVO,
* from 21.4-EVO before 21.4R3-S5-EVO,
* from 22.1-EVO before 22.1R3-S4-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S1-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
CVSS Score
7.5
EPSS Score
0.013
Published
2023-09-01
CVE-2023-36844
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.
Using a crafted request an attacker is able to modify
certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on EX Series:
* All versions prior to 20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S7;
* 21.3 versions
prior to
21.3R3-S5;
* 21.4 versions
prior to
21.4R3-S5;
* 22.1 versions
prior to
22.1R3-S4;
* 22.2 versions
prior to
22.2R3-S2;
* 22.3 versions
prior to 22.3R3-S1;
* 22.4 versions
prior to
22.4R2-S2, 22.4R3;
* 23.2 versions prior to
23.2R1-S1, 23.2R2.
Known exploited
CVSS Score
5.3
EPSS Score
0.943
Published
2023-08-17
CVE-2023-36845
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series
and SRX Series
allows an unauthenticated, network-based attacker to remotely execute code.
Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code.
This issue affects Juniper Networks Junos OS on EX Series
and
SRX Series:
* All versions prior to
20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S7;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions
prior to
22.1R3-S4;
* 22.2 versions
prior to
22.2R3-S2;
* 22.3 versions
prior to
22.3R2-S2, 22.3R3-S1;
* 22.4 versions
prior to
22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1-S1, 23.2R2.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2023-08-17
CVE-2023-36846
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of
integrity
for a certain
part of the file system, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions
prior to
21.3R3-S5;
* 21.4 versions
prior to
21.4R3-S5;
* 22.1 versions
prior to
22.1R3-S3;
* 22.2 versions
prior to
22.2R3-S2;
* 22.3 versions
prior to
22.3R2-S2, 22.3R3;
* 22.4 versions
prior to
22.4R2-S1, 22.4R3.
Known exploited
CVSS Score
5.3
EPSS Score
0.943
Published
2023-08-17
CVE-2023-36847
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of
integrity
for a certain
part of the file system, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on EX Series:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions
prior to
21.3R3-S5;
* 21.4 versions
prior to
21.4R3-S4;
* 22.1 versions
prior to
22.1R3-S3;
* 22.2 versions
prior to
22.2R3-S1;
* 22.3 versions
prior to
22.3R2-S2, 22.3R3;
* 22.4 versions
prior to
22.4R2-S1, 22.4R3.
Known exploited
CVSS Score
5.3
EPSS Score
0.943
Published
2023-08-17
An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management(CFM) module of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an adjacent attacker on the local broadcast domain to cause a Denial of Service(DoS).
Upon receiving a malformed CFM packet, the MPC crashes. Continued receipt of these packets causes a sustained denial of service. This issue can only be triggered when CFM hasn't been configured.
This issue affects:
Juniper Networks Junos OS
All versions prior to 19.1R3-S10 on MX Series;
19.2 versions prior to 19.2R3-S7 on MX Series;
19.3 versions prior to 19.3R3-S8 on MX Series;
19.4 versions prior to 19.4R3-S12 on MX Series;
20.1 version 20.1R1 and later versions on MX Series;
20.2 versions prior to 20.2R3-S7 on MX Series;
20.3 version 20.3R1 and later versions on MX Series;
20.4 versions prior to 20.4R3-S7 on MX Series;
21.1 versions prior to 21.1R3-S5 on MX Series;
21.2 versions prior to 21.2R3-S4 on MX Series;
21.3 versions prior to 21.3R3-S4 on MX Series;
21.4 versions prior to 21.4R3-S3 on MX Series;
22.1 versions prior to 22.1R3-S2 on MX Series;
22.2 versions prior to 22.2R3 on MX Series;
22.3 versions prior to 22.3R2, 22.3R3 on MX Series;
22.4 versions prior to 22.4R2 on MX Series.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-14
An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).
When a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface.
This issue affects Juniper Networks Junos OS:
versions prior to 19.1R3-S10 on MX Series;
19.2 versions prior to 19.2R3-S7 on MX Series;
19.3 versions prior to 19.3R3-S8 on MX Series;
19.4 versions prior to 19.4R3-S12 on MX Series;
20.1 version 20.1R1 and later versions on MX Series;
20.2 versions prior to 20.2R3-S8 on MX Series;
20.3 version 20.3R1 and later versions on MX Series;
20.4 versions prior to 20.4R3-S7 on MX Series;
21.1 versions prior to 21.1R3-S5 on MX Series;
21.2 versions prior to 21.2R3-S5 on MX Series;
21.3 versions prior to 21.3R3-S4 on MX Series;
21.4 versions prior to 21.4R3-S4 on MX Series;
22.1 versions prior to 22.1R3-S3 on MX Series;
22.2 versions prior to 22.2R3-S1 on MX Series;
22.3 versions prior to 22.3R3 on MX Series;
22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-14
An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS).
If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS.
This issue affects Juniper Networks Junos OS on SRX Series:
All versions prior to 20.2R3-S7;
20.3 version 20.3R1 and later versions;
20.4 versions prior to 20.4R3-S6;
21.1 versions prior to 21.1R3-S5;
21.2 versions prior to 21.2R3-S4;
21.3 versions prior to 21.3R3-S4;
21.4 versions prior to 21.4R3-S3;
22.1 versions prior to 22.1R3-S1;
22.2 versions prior to 22.2R3;
22.3 versions prior to 22.3R2;
22.4 versions prior to 22.4R1-S1, 22.4R2.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-07-14
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue is only triggered by packets destined to a local-interface via a service-interface (AMS). AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards. This issue is not experienced on other types of interfaces or configurations. Additionally, transit traffic does not trigger this issue.
This issue affects Juniper Networks Junos OS on MX Series:
All versions prior to 19.1R3-S10;
19.2 versions prior to 19.2R3-S7;
19.3 versions prior to 19.3R3-S8;
19.4 versions prior to 19.4R3-S12;
20.2 versions prior to 20.2R3-S8;
20.4 versions prior to 20.4R3-S7;
21.1 versions prior to 21.1R3-S5;
21.2 versions prior to 21.2R3-S5;
21.3 versions prior to 21.3R3-S4;
21.4 versions prior to 21.4R3-S3;
22.1 versions prior to 22.1R3-S2;
22.2 versions prior to 22.2R3;
22.3 versions prior to 22.3R2-S1, 22.3R3;
22.4 versions prior to 22.4R1-S2, 22.4R2.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-07-14