Juniper: >> Junos Os Evolved >> 23.2 Security Vulnerabilities
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.
Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:
BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)
Only systems with segment routing enabled are vulnerable to this issue.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.
This issue affects:
Junos OS:
* All versions before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Junos OS Evolved:
* All versions before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-S3-EVO,
* from 23.2-EVO before 23.2R2-S1-EVO,
* from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.
CVSS Score
7.5
EPSS Score
0.016
Published
2024-07-10
An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.
When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.
This issue affects Junos OS Evolved:
* from 23.2R2-EVO before 23.2R2-S1-EVO,
* from 23.4R1-EVO before 23.4R2-EVO.
CVSS Score
6.6
EPSS Score
0.002
Published
2024-07-10
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS).
When a specific "clear" command is run, the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts.
The crash impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition.
This issue affects Junos OS Evolved:
* All versions before 20.4R3-S9-EVO,
* from 21.2-EVO before 21.2R3-S7-EVO,
* from 21.3-EVO before 21.3R3-S5-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S4-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-07-10
An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.
This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.
This issue affects Junos OS:
* All versions before 20.4R3-S10,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2;
Junos OS Evolved:
* All versions before 20.4R3-S10-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-10
An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV.
The l2cpd process is responsible for layer 2 control protocols, such as STP, RSTP, MSTP, VSTP, ERP, and LLDP. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP, leading to a Denial of Service. Continued receipt and processing of this specific TLV will create a sustained Denial of Service (DoS) condition.
This issue affects:
Junos OS:
all versions before 20.4R3-S9,
from 21.2 before 21.2R3-S7,
from 21.3 before 21.3R3-S5,
from 21.4 before 21.4R3-S4,
from 22.1 before 22.1R3-S4,
from 22.2 before 22.2R3-S2,
from 22.3 before 22.3R2-S2, 22.3R3-S1,
from 22.4 before 22.4R2-S2, 22.4R3,
from 23.2 before 23.2R1-S1, 23.2R2;
Junos OS Evolved:
all versions before 21.2R3-S7,
from 21.3 before 21.3R3-S5-EVO,
from 21.4 before 21.4R3-S5-EVO,
from 22.1 before 22.1R3-S4-EVO,
from 22.2 before 22.2R3-S2-EVO,
from 22.3 before 22.3R2-S2-EVO, 22.3R3-S1-EVO,
from 22.4 before 22.4R2-S2-EVO, 22.4R3-EVO,
from 23.2 before 23.2R1-S1-EVO, 23.2R2-EVO.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-16
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition.
This issue affects Juniper Networks Junos OS Evolved 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-12
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition.
This issue affects:
Junos OS:
* All versions earlier than 20.4R3-S10;
* 21.2 versions earlier than 21.2R3-S7;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R3;
* 23.2 versions earlier than 23.2R1-S2, 23.2R2.
Junos OS Evolved:
* All versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S4-EVO;
* 22.2-EVO versions earlier than 22.2R3-S3-EVO;
* 22.3-EVO versions earlier than 22.3R3-S1-EVO;
* 22.4-EVO versions earlier than 22.4R3-EVO;
* 23.2-EVO versions earlier than 23.2R2-EVO.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-04-12
A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials.
This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.
This issue does not affect releases before 23.1R1-EVO.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-04-12
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.
On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system.
This issue affects:
Junos OS:
* all versions before 21.2R3-S7,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R1-S2.
Junos OS Evolved:
* all versions before 21.2R3-S7-EVO,
* from 21.3 before 21.3R3-S5-EVO,
* from 21.4 before 21.4R3-S5-EVO,
* from 22.1 before 22.1R3-S5-EVO,
* from 22.2 before 22.2R3-S3-EVO,
* from 22.3 before 22.3R3-S2-EVO,
* from 22.4 before 22.4R3-EVO,
* from 23.2 before 23.2R1-S2.
CVSS Score
5.0
EPSS Score
0.0
Published
2024-04-12
An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.
This issue affects:
Junos OS:
* from 21.4 before 21.4R3-S4,
* from 22.1 before 22.1R3-S4,
* from 22.2 before 22.2R3-S2,
* from 22.3 before 22.3R2-S2, 22.3R3-S1,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2.
Junos OS Evolved:
* from 21.4-EVO before 21.4R3-S5-EVO,
* from 22.1-EVO before 22.1R3-S4-EVO,
* from 22.2-EVO before 22.2R3-S2-EVO,
* from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
This issue does not affect:
* Junos OS versions prior to 21.4R1;
* Junos OS Evolved versions prior to 21.4R1-EVO.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-12