An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).
When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts.
Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.
This issue affects:
Juniper Networks Junos OS:
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S6;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S2;
* 22.4 versions earlier than 22.4R3;
* 23.2 versions earlier than 23.2R2.
Juniper Networks Junos OS Evolved:
* All versions earlier than 21.2R3-S7;
* 21.3-EVO versions earlier than 21.3R3-S5;
* 21.4-EVO versions earlier than 21.4R3-S8;
* 22.1-EVO versions earlier than 22.1R3-S4;
* 22.2-EVO versions earlier than 22.2R3-S3;
* 22.3-EVO versions earlier than 22.3R3-S2;
* 22.4-EVO versions earlier than 22.4R3;
* 23.2-EVO versions earlier than 23.2R2.
CVSS Score
7.5
EPSS Score
0.013
Published
2024-07-11
A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).
Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).
Memory utilization could be monitored by:
user@host> show system memory or show system monitor memory status
This issue affects:
Junos OS: * All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* from 21.4 before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S3-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-07-11
A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue affects
Junos OS:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R2.
Junos OS Evolved: * All versions before 21.2R3-S8-EVO,
* from 21.4 before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S2-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R2-EVO.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-11
An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS).
This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.1 before 22.1R3-S2,
* from 22.2 before 22.2R3-S1,
* from 22.3 before 22.3R2-S1, 22.3R3,
* from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-07-11
A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).
In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.
This issue affects Junos OS on MX Series:
* All version before 21.2R3-S6,
* 21.4 versions before 21.4R3-S6,
* 22.1 versions before 22.1R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-07-11
A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a
Denial-of-Service (DoS).
When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.
Whether the leak occurs can be monitored with the following CLI command:
> show ppm request-queue
FPC Pending-request
fpc0 2
request-total-pending: 2
where a continuously increasing number of pending requests is indicative of the leak.
This issue affects:
Junos OS:
* All versions before 21.2R3-S8,
* 21.4 versions before 21.4R3-S7,
* 22.1 versions before 22.1R3-S4,
* 22.2 versions before 22.2R3-S4,
* 22.3 versions before 22.3R3,
* 22.4 versions before 22.4R2-S2, 22.4R3.
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.2-EVO versions before 22.2R3-S4-EVO,
* 22.3-EVO versions before 22.3R3-EVO,
* 22.4-EVO versions before 22.4R3-EVO.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-07-11
An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.
When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.
This issue affects:
Junos OS:
* All versions before 21.2R3-S9;
*
21.4 versions before 21.4R3-S9;
* 22.2 versions before 22.2R2-S1, 22.2R3;
* 22.3 versions before 22.3R1-S1, 22.3R2;
Junos OS Evolved:
* All versions before before 22.1R3-EVO;
* 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO;
* 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-07-11
An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.If one or more of the following match conditions
ip-source-address
ip-destination-address
arp-type
which are not supported for this type of filter, are used in an ethernet switching filter, and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect.
This issue affects Junos OS on QFX5000 Series and EX4600 Series:
* All version before 21.2R3-S7,
* 21.4 versions before 21.4R3-S6,
* 22.1 versions before 22.1R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
Please note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.
CVSS Score
5.8
EPSS Score
0.003
Published
2024-07-11
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.
This issue affects:
Junos OS:
* All versions before 21.2R3-S8,
* 21.4 versions before 21.4R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S5-EVO,
* 22.2-EVO versions before 22.2R3-S3-EVO,
* 22.3-EVO versions before 22.3R3-S2-EVO,
* 22.4-EVO versions before 22.4R3-EVO,
* 23.2-EVO versions before 23.2R2-EVO.
CVSS Score
5.7
EPSS Score
0.004
Published
2024-07-11
A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service.
This issue affects Junos OS:
* All versions before 21.4R3-S6,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S3,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-07-11