Junos Os

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue does not affect Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue does not affect Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected.

Published: 2026-04-09T21:31:22.902Z
Updated: 2026-04-23T20:08:35.655Z

An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present on the device, a non-root user is able to execute malicious op scripts as a root-equivalent user, leading to privilege escalation.  This issue affects Junos OS:  * All versions before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R1-S2, 24.2R2,  * from 24.4 before 24.4R1-S2, 24.4R2;  Junos OS Evolved:  * All versions before 22.4R3-S7-EVO,  * from 23.2 before 23.2R2-S4-EVO,  * from 23.4 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-EVO,  * from 24.4 before 24.4R1-S1-EVO, 24.4R2-EVO.

Published: 2026-04-09T21:24:50.485Z
Updated: 2026-04-16T15:14:18.212Z

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set system' commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system. This issue affects: Junos OS:  * all versions before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S7,  * from 24.2 before 24.2R2-S2,  * from 24.4 before 24.4R2,  * from 25.2 before 25.2R2;  Junos OS Evolved:  * all versions before 22.4R3-S8-EVO,  * from 23.2 before 23.2R2-S5-EVO,  * from 23.4 before 23.4R2-S7-EVO,  * from 24.2 before 24.2R2-S2-EVO,  * from 24.4 before 24.4R2-EVO,  * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.

Published: 2026-04-09T21:38:52.747Z
Updated: 2026-04-22T14:48:22.085Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition. During NAT64 translation, receipt of a specific, malformed ICMPv6 packet destined to the device will cause the srxpfe process to crash and restart. This issue cannot be triggered using IPv4 nor other IPv6 traffic. This issue affects Junos OS on SRX Series: * all versions before 21.2R3-S10, * all versions of 21.3, * from 21.4 before 21.4R3-S12, * all versions of 22.1, * from 22.2 before 22.2R3-S8, * all versions of 22.4, * from 22.4 before 22.4R3-S9, * from 23.2 before 23.2R2-S6, * from 23.4 before 23.4R2-S7, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2-S3, * from 25.2 before 25.2R1-S2, 25.2R2.

Published: 2026-04-09T21:38:08.493Z
Updated: 2026-04-10T13:56:16.375Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again. This issue affects Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600:  * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7 * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R1-S1, 25.2R2.

Published: 2026-04-09T21:37:31.411Z
Updated: 2026-04-13T18:06:18.752Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again. This issue affects Junos OS on SRX1600, SRX2300 and SRX4300: * 24.4 versions before 24.4R1-S3, 24.4R2. This issue does not affect Junos OS versions before 24.4R1.

Published: 2026-04-09T21:28:29.648Z
Updated: 2026-04-13T18:06:20.220Z

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX. This issue affects Junos OS on MX Series: * 24.4 releases before 24.4R2-S3,  * 25.2 releases before 25.2R2. This issue does not affect Junos OS releases before 24.4.

Published: 2026-04-09T21:37:04.370Z
Updated: 2026-04-14T03:55:32.652Z

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS). In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered. The memory usage of jdhcpd can be monitored with: user@host> show system processes extensive | match jdhcpd This issue affects Junos OS: * all versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.

Published: 2026-04-09T21:29:45.496Z
Updated: 2026-04-13T18:06:19.824Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS). On EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS: * 24.4 releases before 24.4R2, * 25.2 releases before 25.2R1-S1, 25.2R2. This issue does not affect Junos OS releases before 24.4R1.

Published: 2026-04-09T21:35:48.123Z
Updated: 2026-04-10T14:10:08.812Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS). In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald. Use the following command to monitor the memory consumption by l2ald: user@device> show system process extensive | match "PID|l2ald" This issue affects: Junos OS: * all versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S5-EVO, * 23.2 versions before 23.2R2-S3-EVO, * 23.4 versions before 23.4R2-S4-EVO, * 24.2 versions before 24.2R2-EVO.

Published: 2026-04-09T21:29:20.534Z
Updated: 2026-04-13T18:06:19.950Z

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect to Security Director (SD) cloud, it doesn't perform sufficient verification of the received server certificate. This allows a PITM to intercept the communication between the SRX and SD cloud and access credentials and other sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S9, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R1-S2, 25.2R2.

Published: 2026-04-09T21:30:56.635Z
Updated: 2026-04-13T18:06:19.571Z

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and restart, which momentarily prevents new security associations (SAs) for from being established. Repeated exploitation of this vulnerability causes a complete inability to establish new VPN connections. This issue affects Junos OS on SRX Series and MX Series: * all versions before 22.4R3-S9, * 23.2 version before 23.2R2-S6, * 23.4 version before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R1-S2, 25.2R2.

Published: 2026-04-09T21:35:10.585Z
Updated: 2026-04-10T14:11:42.844Z

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S1, * 25.2 version before 25.2R1-S2, 25.2R2; Junos OS Evolved: * all versions before 23.2R2-S6-EVO, * 23.4 version before 23.4R2-S6-EVO, * 24.2 version before 24.2R2-S4-EVO, * 24.4 versions before 24.4R2-S1-EVO, * 25.2 versions before 25.2R2-EVO.

Published: 2026-04-09T21:34:50.469Z
Updated: 2026-04-10T14:13:45.754Z

A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory available to bbe-smgd has been consumed, no new subscribers will be able to login. The memory utilization of bbe-smgd can be monitored with the following show command: user@host> show system processes extensive | match bbe-smgd The below log message can be observed when this limit has been reached: bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion This issue affects Junos OS on MX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R2.

Published: 2026-04-09T21:30:08.528Z
Updated: 2026-04-13T18:06:19.695Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the device. On MX platforms with MPC10, MPC11, LC4800 or LC9600 line cards, and MX304, firewall filters applied on a loopback interface lo0.n (where n is a non-0 number) don't get executed when lo0.n is in the global VRF / default routing-instance. An affected configuration would be: user@host# show configuration interfaces lo0 | display set set interfaces lo0 unit 1 family inet filter input <filter-name> where a firewall filter is applied to a non-0 loopback interface, but that loopback interface is not referred to in any routing-instance (RI) configuration, which implies that it's used in the default RI. The issue can be observed with the CLI command: user@device> show firewall counter filter <filter_name> not showing any matches. This issue affects Junos OS on MX Series: * all versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R2.

Published: 2026-04-09T21:34:21.126Z
Updated: 2026-04-10T14:14:24.774Z

An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked. This issue affects Junos OS on EX Series and QFX Series: * 23.4 version 23.4R2-S6, * 24.2 version 24.2R2-S3. No other Junos OS versions are affected.

Published: 2026-04-09T21:28:56.625Z
Updated: 2026-04-13T18:06:20.091Z

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered. This issue affects:  Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-EVO.

Published: 2026-01-15T20:28:29.656Z
Updated: 2026-01-15T20:55:25.182Z

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered. This issue affects Junos OS on SRX Series: * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R2. This issue does not affect Junos OS versions before 23.4R1.

Published: 2026-01-15T20:28:10.526Z
Updated: 2026-01-15T20:59:21.070Z

An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane. When NETCONF sessions are quickly established and disconnected, a locking issue causes mgd processes to hang in an unusable state. When the maximum number of mgd processes has been reached, no new logins are possible. This leads to the inability to manage the device and requires a power-cycle to recover. This issue can be monitored by checking for mgd processes in lockf state in the output of 'show system processes extensive': user@host> show system processes extensive | match mgd <pid> root       20   0 501M 4640K lockf   1 0:01 0.00% mgd If the system still can be accessed (either via the CLI or as root, which might still be possible as last resort as this won't invoke mgd), mgd processes in this state can be killed with 'request system process terminate <PID>' from the CLI or with 'kill -9 <PID>' from the shell.  This issue affects: Junos OS: * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; This issue does not affect Junos OS versions before 23.4R1; Junos OS Evolved: * 23.4 versions before 23.4R2-S5-EVO, * 24.2 versions before 24.2R2-S1-EVO, * 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue does not affect Junos OS Evolved versions before 23.4R1-EVO;

Published: 2026-04-09T21:26:46.081Z
Updated: 2026-04-13T18:06:20.368Z

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart. This issue affects Junos OS on SRX and MX Series: * all versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2.

Published: 2026-01-15T20:27:54.743Z
Updated: 2026-01-15T21:13:00.740Z

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5,  * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos are also affected, but no fix is available.

Published: 2026-01-15T20:27:11.214Z
Updated: 2026-01-15T21:12:37.455Z

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later.

Published: 2026-04-09T21:28:05.552Z
Updated: 2026-04-13T13:04:16.395Z

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered. This issue affects Junos OS on SRX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R1-S1, 25.2R2.

Published: 2026-01-15T20:25:35.725Z
Updated: 2026-01-15T20:44:30.550Z

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted. The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:   reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP: * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R1-S2, 25.2R2. This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.

Published: 2026-01-15T20:25:03.276Z
Updated: 2026-01-15T20:45:02.652Z

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset. On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.This issue affects Junos OS on MX10k Series:  * all versions before 21.2R3-S10,  * from 21.4 before 21.4R3-S9,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S6,  * from 23.2 before 23.2R2-S2,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R2.

Published: 2026-01-15T20:24:20.087Z
Updated: 2026-01-15T20:50:28.949Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS). On all EX4k and QFX5k platforms, a link flap in an EVPN-VXLAN configuration Link Aggregation Group (LAG) results in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination. This issue is only applicable to systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650. Service can only be restored by restarting the affected FPC via the 'request chassis fpc restart slot <slot-number>' command. This issue affects Junos OS on EX4k and QFX5k Series:  * all versions before 21.4R3-S12,  * all versions of 22.2 * from 22.4 before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2.

Published: 2026-01-15T20:23:29.682Z
Updated: 2026-01-15T20:51:57.933Z

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition. Memory usage can be monitored through the use of the 'show task memory detail' command. For example: user@junos> show task memory detail | match ted-infra   TED-INFRA-COOKIE           25   1072     28   1184     229 user@junos> show task memory detail | match ted-infra   TED-INFRA-COOKIE           31   1360     34   1472     307 This issue affects: Junos OS:  * from 23.2 before 23.2R2,  * from 23.4 before 23.4R1-S2, 23.4R2,  * from 24.1 before 24.1R2;  Junos OS Evolved:  * from 23.2 before 23.2R2-EVO,  * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,  * from 24.1 before 24.1R2-EVO. This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.

Published: 2026-01-15T20:22:44.674Z
Updated: 2026-01-15T20:52:42.400Z

A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root. The issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path. This issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled. This issue affects: Junos OS:  * from 23.2R2-S1 before 23.2R2-S5,  * from 23.4R2 before 23.4R2-S6,  * from 24.2 before 24.2R2-S3,  * from 24.4 before 24.4R2-S1,  * from 25.2 before 25.2R1-S2, 25.2R2;  Junos OS Evolved:  * from 23.2R2-S1 before 23.2R2-S5-EVO,  * from 23.4R2 before 23.4R2-S6-EVO,  * from 24.2 before 24.2R2-S3-EVO,  * from 24.4 before 24.4R2-S1-EVO,  * from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.

Published: 2026-01-15T20:21:41.576Z
Updated: 2026-02-26T15:04:06.477Z

An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below. PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing. Note that PMI with GRE performance acceleration is only supported on specific SRX platforms. This issue affects Junos OS on the SRX Series: * all versions before 21.4R3-S12,  * from 22.4 before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S3,  * from 24.4 before 24.4R2-S1,  * from 25.2 before 25.2R1-S1, 25.2R2.

Published: 2026-01-15T20:20:32.530Z
Updated: 2026-01-16T16:20:14.792Z

A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS). On SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC. This issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue. This issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC: * all versions before 21.2R3-S10,  * from 21.4 before 21.4R3-S12,  * from 22.4 before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S6,  * from 24.2 before 24.2R2-S3,  * from 24.4 before 24.4R2-S1,  * from 25.2 before 25.2R1-S1, 25.2R2.

Published: 2026-01-15T20:19:22.158Z
Updated: 2026-01-16T16:26:02.071Z

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS). Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart. The issue was not seen when YANG packages for the specific sensors were installed. This issue affects Junos OS:  * all versions before 22.4R3-S7, * 23.2 version before 23.2R2-S4, * 23.4 versions before 23.4R2.

Published: 2026-01-15T20:18:36.767Z
Updated: 2026-01-15T21:12:08.631Z

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS). When an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks. This issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue. This issue does not affect AFT-based line cards such as the MPC10, MPC11, LC4800, LC9600, and MX304. This issue affects Junos OS:  * all versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S7,  * from 22.3 before 22.3R3-S4,  * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R1-S2, 24.2R2.

Published: 2026-01-15T20:17:24.552Z
Updated: 2026-03-10T22:44:14.198Z

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces. This issue affects Junos OS: * all versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2.

Published: 2025-07-11T15:11:04.939Z
Updated: 2025-07-11T15:38:56.764Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these peers will most likely terminate the BGP sessions with the affected devices and thereby cause an availability impact due to the resulting routing churn. This issue affects: Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5 * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved:  * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-S6-EVO, * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO.

Published: 2026-01-15T20:16:47.459Z
Updated: 2026-01-15T21:10:58.766Z

A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by users for whom the RADIUS server has responded with a reject and required the user to change the password as their password was expired. Therefore the policy mandating the password change is not enforced. This does not allow users to login with a wrong password, but only with the correct but expired one. This issue affects: Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S4-EVO, * 23.4 versions before 23.4R2-S5-EVO, * 24.2 versions before 24.2R2-S1-EVO, * 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO.

Published: 2025-10-09T16:20:28.121Z
Updated: 2025-10-09T19:46:35.043Z

A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS). When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from. This issue affects: Junos OS on MX, SRX and EX Series, except MX10000 Series and MX304:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2.

Published: 2026-01-15T20:16:22.617Z
Updated: 2026-03-16T18:18:52.683Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS). When an affected system receives a specific BGP EVPN update message over an established BGP session, this causes an rpd crash and restart. A BGP EVPN configuration is not necessary to be vulnerable. If peers are not configured to send BGP EVPN updates to a vulnerable device, then this issue can't occur. This issue affects iBGP and eBGP, over IPv4 and IPv6. This issue affects: Junos OS: * 23.4 versions from 23.4R2-S3 before 23.4R2-S5, * 24.2 versions from 24.2R2 before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; Junos OS Evolved: * 23.4-EVO versions from 23.4R2-S2-EVO before 23.4R2-S5-EVO, * 24.2-EVO versions from 24.2R2-EVO before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.

Published: 2025-10-09T16:18:27.118Z
Updated: 2025-10-09T19:46:51.236Z

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer. This issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring: [ protocols bgp ... disable-4byte-as ] Established BGP sessions can be checked by executing: show bgp neighbor <IP address> | match "4 byte AS" This issue affects: Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved:  * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-S6-EVO, * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO.

Published: 2026-01-15T20:15:04.828Z
Updated: 2026-01-15T21:09:19.309Z

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can login without providing the configured password and then has read-write access to their home directory. This issue affects Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2.

Published: 2025-10-09T16:05:17.009Z
Updated: 2025-10-10T14:41:12.698Z

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface.  Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not affect managed cSRX Series devices.

Published: 2025-10-09T15:48:08.091Z
Updated: 2025-10-09T16:03:31.610Z

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface.  Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not affect managed cSRX Series devices.

Published: 2025-10-09T15:48:08.091Z
Updated: 2025-10-09T16:03:31.610Z

A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When forwarding-options sampling is enabled, receipt of any traffic destined to the Routing Engine (RE) by the PFE line card leads to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of any traffic leading to the RE by the PFE line card will create a sustained Denial of Service (DoS) condition to the PFE line card. This issue affects Junos OS on SRX4700:  * from 24.4 before 24.4R1-S3, 24.4R2 This issue affects IPv4 and IPv6.

Published: 2025-10-09T15:46:25.285Z
Updated: 2025-10-09T19:00:04.954Z

An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the attacker's control, to cause rpd to crash and restart, leading to a Denial of Service (DoS). With BGP sharding enabled, triggering route resolution of an indirect next-hop (e.g., an IGP route change over which a BGP route gets resolved), may cause rpd to crash and restart. An attacker causing continuous IGP route churn, resulting in repeated route re-resolution, will increase the likelihood of triggering this issue, leading to a potentially extended DoS condition. This issue affects: Junos OS: * all versions before 21.4R3-S6,  * from 22.1 before 22.1R3-S6,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R2;  Junos OS Evolved:  * all versions before 22.3R3-S3-EVO,  * from 22.4 before 22.4R3-EVO,  * from 23.2 before 23.2R2-EVO. Versions before Junos OS 21.3R1 and Junos OS Evolved 21.3R1-EVO are unaffected by this issue.

Published: 2025-10-09T15:45:19.343Z
Updated: 2025-10-09T19:05:04.870Z

An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource. This vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay. This issue affects: Junos OS: * all versions before 21.2R3-S10, * all versions of 22.2, * from 21.4 before 21.4R3-S12, * from 22.4 before 22.4R3-S8, * from 23.2 before 23.2R2-S5, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R2-S2, * from 24.4 before 24.4R2, * from 25.2 before 25.2R1-S1, 25.2R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * from 23.2 before 23.2R2-S5-EVO, * from 23.4 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-S2-EVO, * from 24.4 before 24.4R2-EVO, * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.

Published: 2026-01-15T20:14:43.508Z
Updated: 2026-01-15T21:08:37.387Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server. By default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in 'forward-only' mode with Option 82, the device should drop the message unless 'trust-option82' is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server's address pool, ultimately leading to address pool exhaustion. This issue affects Junos OS:  * all versions before 21.2R3-S10, * from 21.4 before 21.4R3-S12, * all versions of 22.2, * from 22.4 before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S6,  * from 24.2 before 24.2R2-S2,  * from 24.4 before 24.4R2,  * from 25.2 before 25.2R1-S1, 25.2R2. Junos OS Evolved: * all versions before 21.4R3-S12-EVO,  * all versions of 22.2-EVO, * from 22.4 before 22.4R3-S8-EVO,  * from 23.2 before 23.2R2-S5-EVO,  * from 23.4 before 23.4R2-S6-EVO,  * from 24.2 before 24.2R2-S2-EVO,  * from 24.4 before 24.4R2-EVO,  * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.

Published: 2026-01-15T20:14:00.582Z
Updated: 2026-01-16T16:27:58.152Z

An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). When the command 'show route < ( receive-protocol | advertising-protocol ) bgp > detail' is executed, and at least one of the routes in the intended output has specific attributes, this will cause an rpd crash and restart. 'show route ... extensive' is not affected. This issue affects: Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO,  * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-S6-EVO, * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO.

Published: 2026-01-15T20:13:21.483Z
Updated: 2026-01-16T16:37:24.353Z

An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system. When a device isn't configured with a root password, an attacker can modify a specific file. It's contents will be added to the Junos configuration of the device without being visible. This allows for the addition of any configuration unknown to the actual operator, which includes users, IP addresses and other configuration which could allow unauthorized access to the device. This exploit is persistent across reboots and even zeroization. The indicator of compromise is a modified /etc/config/<platform>-defaults[-flex].conf file. Review that file for unexpected configuration statements, or compare it to an unmodified version which can be extracted from the original Juniper software image file. For details on the extraction procedure please contact Juniper Technical Assistance Center (JTAC). To restore the device to a trusted initial configuration the system needs to be reinstalled from physical media.  This issue affects Junos OS on EX4600 Series and QFX5000 Series: * All versions before 21.4R3, * 22.2 versions before 22.2R3-S3.

Published: 2025-10-09T15:43:23.110Z
Updated: 2025-10-09T19:49:29.942Z

An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration. This issue affects:  Junos OS:  * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S5-EVO,  * 24.2-EVO versions before 24.2R2-S1-EVO * 24.4-EVO versions before 24.4R2-EVO.

Published: 2025-07-11T15:10:47.204Z
Updated: 2025-09-24T08:03:12.314Z

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root. When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device. This issue affects: Junos OS:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S6, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * all versions before 22.4R3-S6-EVO, * 23.2-EVO versions before 23.2R2-S1-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Published: 2025-07-11T15:11:24.991Z
Updated: 2026-02-26T17:50:44.376Z

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task memory detail | match task_shard_mgmt_cookie where the allocated memory in bytes can be seen to continuously increase with each exploitation. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.2R3-S7-EVO * 22.4-EVO versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO,  * 24.4-EVO versions before 24.4R2-EVO.

Published: 2025-07-11T15:10:20.934Z
Updated: 2025-07-15T19:55:10.352Z

A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts. This issue affects: Junos OS:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S3-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO.

Published: 2025-07-11T15:09:37.765Z
Updated: 2025-07-15T19:55:22.722Z

A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2.

Published: 2025-07-11T15:09:18.207Z
Updated: 2026-02-26T17:50:44.757Z

An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an MX Series device with an MS-MPC is configured with two or more service sets which are both processing SIP calls, a specific sequence of call events will lead to a crash and restart of the MS-MPC. This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions from 21.4R1, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6. As the MS-MPC is EoL after Junos OS 22.4, later versions are not affected. This issue does not affect MX-SPC3 or SRX Series devices.

Published: 2025-07-11T15:08:53.931Z
Updated: 2025-07-15T19:55:34.678Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600, SRX2300, SRX 4000 Series, and SRX5000 Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If a sequence of specific PIM packets is received, this will cause a flowd crash and restart. This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2. This is a similar, but different vulnerability than the issue reported as CVE-2024-47503, published in JSA88133.

Published: 2025-07-11T15:08:33.384Z
Updated: 2025-07-15T19:55:40.480Z

A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart. This issue affects eBGP and iBGP over IPv4 and IPv6. This issue affects: Junos OS: * 22.1 versions from 22.1R1 before 22.2R3-S4, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.

Published: 2025-07-11T15:08:15.638Z
Updated: 2025-07-15T19:55:48.095Z

A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition. For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from a established BGP peer. This issue affects: Junos OS: * All versions before 21.4R3-S7, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R2-EVO.

Published: 2025-07-11T15:06:49.951Z
Updated: 2025-07-14T16:35:31.358Z

An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface. This issue affects Junos OS:  * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5,   * from 24.2 before 24.2R2-S1, * from 24.4 before 24.4R1-S3, 24.4R2.

Published: 2025-07-11T15:06:26.737Z
Updated: 2025-07-11T20:11:51.358Z

A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When memory utilization is high, and specific SIP packets are received, flowd/mspmand crashes. While the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attackers control, so they would not be able to deterministically exploit this. This issue affects Junos OS on SRX Series and MX Series:  * All versions before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2.

Published: 2025-10-09T15:40:20.193Z
Updated: 2025-12-01T08:41:51.806Z

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition during BGP initial session establishment can lead to an rpd crash and restart. This occurs specifically when the connection request fails during error-handling scenario. Continued session establishment failures leads to a sustained DoS condition.  This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2; Junos OS Evolved: * All versions before 22.2R3-S6-EVO, * from 22.4 before 22.4R3-S6-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO.

Published: 2025-07-11T14:43:38.431Z
Updated: 2025-07-11T14:55:56.096Z

An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash.  When the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart.  Continued receipt of these specific updates will cause a sustained Denial of Service condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * All versions of 21.4, * All versions of 22.2, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2. Junos OS Evolved:  * All versions of 21.2-EVO,  * All versions of 21.4-EVO,  * All versions of 22.2-EVO,  * from 22.4 before 22.4R3-S7-EVO,  * from 23.2 before 23.2R2-S3-EVO,  * from 23.4 before 23.4R2-S4-EVO,  * from 24.2 before 24.2R2-EVO.

Published: 2025-07-11T14:42:20.206Z
Updated: 2025-08-20T18:32:11.120Z

An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS).  Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2, * from 24.4 before 24.4R1-S3, 24.4R2 Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4-EVO before 22.4R3-S7-EVO, * from 23.2-EVO before 23.2R2-S4-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO, * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.

Published: 2025-07-11T15:04:55.140Z
Updated: 2025-07-11T20:11:26.659Z

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions before 22.2R3-S1, * from 22.4 before 22.4R2. This feature is not enabled by default.

Published: 2025-07-11T15:04:35.691Z
Updated: 2025-07-11T20:10:52.673Z

A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue with Junos OS kernel filter processing, the 'payload-protocol' match is not being supported, causing any term containing it to accept all packets without taking any other action. In essence, these firewall filter terms were being processed as an 'accept' for all traffic on the interface destined for the control plane, even when used in combination with other match criteria. This issue only affects firewall filters protecting the device's control plane. Transit firewall filtering is unaffected by this vulnerability. This issue affects Junos OS:  * all versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S11,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S1,  * from 24.4 before 24.4R1-S2, 24.4R2. This is a more complete fix for previously published CVE-2024-21607 (JSA75748).

Published: 2025-07-11T14:41:03.752Z
Updated: 2025-07-15T14:35:11.059Z

An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Only systems configured for Ethernet Virtual Private Networking (EVPN) signaling are vulnerable to this issue.  This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects: Junos OS:  * all versions before 21.4R3-S11,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S1,  * from 24.4 before 24.4R1-S3, 24.4R2;  Junos OS Evolved:  * all versions before 22.2R3-S7-EVO,  * from 22.4-EVO before 22.4R3-S7-EVO,  * from 23.2-EVO before 23.2R2-S4-EVO,  * from 23.4-EVO before 23.4R2-S5-EVO,  * from 24.2-EVO before 24.2R2-S1-EVO,  * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.

Published: 2025-07-11T14:40:41.658Z
Updated: 2025-07-11T15:05:58.938Z

An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traffic patterns to cause the FPC and system to crash and restart. BPF provides a raw interface to data link layers in a protocol independent fashion. Internally within the Junos kernel, due to a rare timing issue (race condition), when a BPF instance is cloned, the newly created interface causes an internal structure leakage, leading to a system crash. The precise content and timing of the traffic patterns is indeterminate, but has been seen in a lab environment multiple times. This issue is more likely to occur when packet capturing is enabled.  See required configuration below. This issue affects Junos OS:  * all versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S7,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R1-S1, 24.2R2.

Published: 2025-07-11T14:40:31.197Z
Updated: 2025-07-23T14:57:37.021Z

An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allows an attacker to crash the Forwarding Engine Board (FEB) by flapping an interface, leading to a Denial of Service (DoS). On ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096 devices, FEB0 will crash when the primary path port of the L2 circuit IGP (Interior Gateway Protocol) on the local device goes down. This issue is seen only when 'hot-standby' mode is configured for the L2 circuit. This issue affects Junos OS on ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096:  * all versions before 21.2R3-S9.

Published: 2025-07-11T14:40:14.792Z
Updated: 2025-07-11T15:25:08.865Z

A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BGP update with a specifically malformed AS PATH to cause rpd to crash, resulting in a Denial of Service (DoS). Continuous receipt of the malformed AS PATH attribute will cause a sustained DoS condition. On all Junos OS and Junos OS Evolved platforms, the rpd process will crash and restart when a specifically malformed AS PATH is received within a BGP update and traceoptions are enabled. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not impacted by this issue. This issue affects:  Junos OS: * All versions before 21.2R3-S9,  * all versions of 21.4, * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S4,  * from 24.2 before 24.2R2;  Junos OS Evolved:  * All versions before 22.4R3-S5-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S4-EVO,  * from 24.2-EVO before 24.2R2-EVO. This is a more complete fix for previously published CVE-2024-39549 (JSA83011).

Published: 2025-07-11T14:39:59.014Z
Updated: 2025-07-11T15:25:30.605Z

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can copy a script to the router in a way that will be executed as root, as the system boots. Execution of the script as root can lead to privilege escalation, potentially providing the adversary complete control of the system. This issue only affects specific line cards, such as the MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, and EX9200-15C. This issue affects Junos OS: * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S1,  * from 24.4 before 24.4R1-S3, 24.4R2. This issue does not affect versions prior to 23.1R2.

Published: 2025-07-11T14:38:52.289Z
Updated: 2026-02-26T17:50:46.098Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. When this issue occurs the following logs can be observed: <fpc #> MQSS(0): LI-3: Received a parcel with more than 512B accompanying data CHASSISD_FPC_ASIC_ERROR: ASIC Error detected <...> This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S4, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2.

Published: 2025-04-09T20:05:25.345Z
Updated: 2025-04-09T20:29:59.919Z

An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart. This issue affects Junos OS on SRX Series: * All 21.4 versions, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2. This issue does not affect versions before 21.4.

Published: 2025-04-09T20:03:23.936Z
Updated: 2025-04-09T20:30:38.589Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic. A jbuf memory leak can be noticed from the following logs: (<node>.)<fpc> Warning: jbuf pool id <#> utilization level (<current level>%) is above <threshold>%! To recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs. This issue affects Junos OS on SRX Series:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R2.

Published: 2025-04-09T20:02:50.588Z
Updated: 2025-04-09T20:31:32.793Z

An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it's sent to SRRD it's encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself. This issue affects Junos OS:  * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R1-S2, 23.2R2. This issue does not affected Junos OS Evolved.

Published: 2025-04-09T20:02:21.815Z
Updated: 2025-04-09T20:32:08.395Z

An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS. This issue affects Junos OS on MX Series and SRX Series:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2.

Published: 2025-04-09T20:01:48.339Z
Updated: 2025-04-10T14:23:32.306Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific "show bgp neighbor" CLI command is run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition.  The device is only affected if BGP RIB sharding and update-threading is enabled. This issue affects Junos OS:  * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S2,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2. and Junos OS Evolved:  * All versions before 21.2R3-S9-EVO,  * from 21.4-EVO before 21.4R3-S8-EVO,  * from 22.2-EVO before 22.2R3-S6-EVO,  * from 22.4-EVO before 22.4R3-S2-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-EVO.

Published: 2025-04-09T20:01:15.300Z
Updated: 2025-04-09T20:35:13.421Z

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information.  Through the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords, that can be used to further impact the system. This issue affects Junos OS:  * All versions before 21.4R3-S10, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3. Junos OS Evolved:  * All versions before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO,  * from 22.4-EVO before 22.4R3-S5-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S3-EVO.

Published: 2025-04-09T20:00:36.618Z
Updated: 2025-04-09T20:40:40.786Z

An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * All versions before 22.2R3-S4, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2. Junos OS Evolved: * All versions before 22.2R3-S4-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R2-EVO.

Published: 2025-04-09T19:57:37.713Z
Updated: 2025-04-09T20:32:41.398Z

An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS). When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2. and Junos OS Evolved: * All versions before 21.2R3-S9-EVO, * from 21.4-EVO before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO, * from 22.4-EVO before 22.4R3-S6-EVO, * from 23.2-EVO before 23.2R2-S3-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO.

Published: 2025-04-09T19:57:01.859Z
Updated: 2025-04-09T20:33:23.314Z

A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When an attacker sends a specific ICMPv6 packet to an interface with "protocols router-advertisement" configured, rpd crashes and restarts. Continued receipt of this packet will cause a sustained DoS condition.  This issue only affects systems configured with IPv6. This issue affects Junos OS:  * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S6, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S2, * from 23.4 before 23.4R2; and Junos OS Evolved: * All versions before 21.2R3-S9-EVO, * from 21.4-EVO before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO, * from 22.4-EVO before 22.4R3-S4-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO.

Published: 2025-04-09T19:56:28.305Z
Updated: 2025-04-09T20:36:41.381Z

A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root. This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include: * MPC7, MPC8, MPC9, MPC10, MPC11 * LC2101, LC2103 * LC480, LC4800, LC9600 * MX304 (built-in FPC) * MX-SPC3 * SRX5K-SPC3 * EX9200-40XS * FPC3-PTX-U2, FPC3-PTX-U3 * FPC3-SFF-PTX * LC1101, LC1102, LC1104, LC1105 This issue affects Junos OS:  * all versions before 22.4R3-S8,  * from 23.2 before 23.2R2-S6,  * from 23.4 before 23.4R2-S6,  * from 24.2 before 24.2R2-S3,  * from 24.4 before 24.4R2, * from 25.2 before 25.2R2.

Published: 2026-04-08T17:26:35.685Z
Updated: 2026-04-13T21:17:19.185Z

An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs. Continued receipt and processing of these specific packets will sustain the DoS condition. This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R1-S2, 24.2R2 An indicator of compromise will indicate the SPC3 SPUs utilization has spiked. For example:     user@device> show services service-sets summary Service sets CPU Interface configured Bytes used Session bytes used Policy bytes used utilization "interface" 1 "bytes" (percent%) "sessions" ("percent"%) "bytes" ("percent"%) 99.97 % OVLD <<<<<< look for high CPU usage

Published: 2025-04-09T19:55:37.363Z
Updated: 2025-04-09T20:03:04.073Z

An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS. The DHCP process will restart automatically to recover the service. This issue will occur when dhcp-security is enabled.  This issue affects Junos OS:  * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S6,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S4,  * from 24.2 before 24.2R2;  Junos OS Evolved:  * from 22.4 before 22.4R3-S6-EVO,  * from 23.2 before 23.2R2-S3-EVO,  * from 23.4 before 23.4R2-S4-EVO,  * from 24.2 before 24.2R2-EVO. .

Published: 2025-04-09T19:54:41.339Z
Updated: 2025-04-09T20:06:17.698Z

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash.                 user@host> show chassis fpc                                        Temp    CPU Utilization (%)   CPU Utilization (%)   Memory     Utilization (%)                       Slot State       (C)     Total   Interrupt     1min   5min  15min    DRAM (MB)  Heap   Buffer                       2 Online         36       10         0          9     8     9        32768      26         0                                                                                                       This issue affects Junos OS on MX Series: * All versions before 21.2R3-S9 * from 21.4 before 21.4R3-S10 * from 22.2 before 22.2R3-S6 * from 22.4 before 22.4R3-S5 * from 23.2 before 23.2R2-S3 * from 23.4 before 23.4R2-S3 * from 24.2 before 24.2R2.

Published: 2025-04-09T19:53:59.529Z
Updated: 2025-04-09T20:07:25.649Z

A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).  Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. When an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S6,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S4,  * from 24.2 before 24.2R2;  Junos OS Evolved:  * All versions before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO,  * from 22.4-EVO before 22.4R3-S6-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S4-EVO,  * from 24.2-EVO before 24.2R2-EVO.

Published: 2025-04-09T19:53:27.087Z
Updated: 2025-04-09T20:39:47.342Z

A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS).  Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition. On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts. This issue affects Junos OS on SRX Series: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2.

Published: 2025-04-09T19:52:51.730Z
Updated: 2025-04-24T20:04:34.131Z

A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Under a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component. This issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: * All versions before 21.4R3-S9,  * from 22.2 before 22.2R3-S5,  * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R2.

Published: 2025-04-09T19:52:16.737Z
Updated: 2026-02-26T18:28:28.449Z

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS:  * from 21.4 before 21.4R3-S9,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R1-S2, 24.2R2;  This issue does not affect versions prior to 21.1R1. Junos OS Evolved:  * from 21.4 before 21.4R3-S9-EVO,  * from 22.2 before 22.2R3-S5-EVO,  * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S5-EVO,  * from 23.2 before 23.2R2-S3-EVO,  * from 23.4 before 23.4R2-S3-EVO,  * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect versions prior to 21.1R1-EVO

Published: 2025-01-09T16:49:25.387Z
Updated: 2025-01-09T19:22:10.606Z

An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS:  * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S1, 24.2R2. An indicator of compromise is to review the CPU % of the httpd process in the CLI: e.g.   show system processes extensive | match httpd  PID nobody       52   0   20M    191M select   2   0:01   80.00% httpd{httpd} <<<<< the percentage of httpd usage if high may be an indicator

Published: 2025-04-09T19:51:36.325Z
Updated: 2025-04-15T20:30:05.134Z

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems configured in either of two ways: * systems with BGP traceoptions enabled * systems with BGP family traffic-engineering (BGP-LS) configured and can be exploited from a directly connected and configured BGP peer.  This issue affects iBGP and eBGP with any address family configured, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS:  * from 21.4 before 21.4R3-S9,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4,  * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R1-S2, 24.2R2;  Junos OS Evolved:  * from 21.4-EVO before 21.4R3-S9-EVO,  * from 22.2-EVO before 22.2R3-S5-EVO,  * from 22.3-EVO before 22.3R3-S4-EVO,  * from 22.4-EVO before 22.4R3-S5-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S2-EVO,  * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect versions of Junos OS prior to 21.3R1. This issue does not affect versions of Junos OS Evolved prior to 21.3R1-EVO. This is a similar, but different vulnerability than the issue reported as CVE-2024-39516.

Published: 2025-01-09T16:49:42.367Z
Updated: 2025-01-27T22:00:26.801Z

An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: Junos OS:  * from 21.2R3-S8 before 21.2R3-S9,  * from 21.4R3-S7 before 21.4R3-S9,  * from 22.2R3-S4 before 22.2R3-S5,  * from 22.3R3-S2 before 22.3R3-S4,  * from 22.4R3 before 22.4R3-S5,  * from 23.2R2 before 23.2R2-S2,  * from 23.4R1 before 23.4R2-S1,  * from 24.2R1 before 24.2R1-S1, 24.2R2. Junos OS Evolved: * from 21.4R3-S7-EVO before 21.4R3-S9-EVO,  * from 22.2R3-S4-EVO before 22.2R3-S5-EVO,  * from 22.3R3-S2-EVO before 22.3R3-S4-EVO,  * from 22.4R3-EVO before 22.4R3-S5-EVO,  * from 23.2R2-EVO before 23.2R2-S2-EVO,  * from 23.4R1-EVO before 23.4R2-S1-EVO,  * from 24.2R1-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue requires a BGP session to be established. This issue can propagate and multiply through multiple ASes until reaching vulnerable devices. This issue affects iBGP and eBGP. This issue affects IPv4 and IPv6. An indicator of compromise may be the presence of malformed update messages in a neighboring AS which is unaffected by this issue: For example, by issuing the command on the neighboring device:  show log messages Reviewing for similar messages from devices within proximity to each other may indicate this malformed packet is propagating:   rpd[<pid>]: Received malformed update from <IP address> (External AS <AS#>) and   rpd[<pid>]: Malformed Attribute

Published: 2025-01-09T18:16:32.549Z
Updated: 2025-01-09T20:15:00.238Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled. This issue affects: Junos OS: * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R3. Junos OS Evolved: * All versions before 21.2R3-S6-EVO, * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before :22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R3-EVO.

Published: 2025-04-09T19:50:57.792Z
Updated: 2025-04-10T13:12:47.198Z

An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show chassis environment pem' command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS). However, repeated execution of this command will eventually cause the chassisd process to fail to restart, impacting packet processing on the system. This issue affects Junos OS on SRX1500, SRX4100, SRX4200:  * All versions before 21.4R3-S9,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4,  * from 22.4 before 22.4R3-S4,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S1.

Published: 2025-01-09T16:41:51.107Z
Updated: 2025-01-09T19:22:29.635Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart. This issue does not affect MX Series platforms. Heap size growth on FPC can be seen using below command. user@host> show chassis fpc                     Temp CPU Utilization (%) CPU Utilization (%) Memory   Utilization (%) Slot State           (C) Total Interrupt     1min   5min   15min   DRAM (MB)   Heap   Buffer   0 Online           45     3         0       2       2      2       32768      19       0 <<<<<<< Heap increase in all fPCs This issue affects Junos OS: * All versions before 21.2R3-S7, * 21.4 versions before 21.4R3-S4, * 22.2 versions before 22.2R3-S1,  * 22.3 versions before 22.3R3-S1,  * 22.4 versions before 22.4R2-S2, 22.4R3. and Junos OS Evolved: * All versions before 21.2R3-S7-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO,  * 22.3-EVO versions before 22.3R3-S1-EVO,  * 22.4-EVO versions before 22.4R3-EVO.

Published: 2025-04-09T19:50:28.091Z
Updated: 2025-04-10T13:13:22.128Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS). In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and prefix-length is set to 56, the ports assigned to the user will not be freed.  Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover. Following is the command to identify the issue:      user@host> show services nat source port-block      Host_IP                     External_IP                   Port_Block      Ports_Used/       Block_State/                                                               Range           Ports_Total       Left_Time(s)     2001::                        x.x.x.x                     58880-59391     256/256*1         Active/-       >>>>>>>>port still usedThis issue affects Junos OS on MX Series:  * from 21.2 before 21.2R3-S8,  * from 21.4 before 21.4R3-S7,  * from 22.1 before 22.1R3-S6,  * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S2,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2. This issue does not affect versions before 20.2R1.

Published: 2025-04-09T19:49:41.391Z
Updated: 2025-04-10T13:14:00.650Z

An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition.  This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects Junos OS:  * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4,  * from 22.4 before 22.4R3-S3,  * from 23.2 before 23.2R2-S2,  * from 23.4 before 23.4R2; and Junos OS Evolved:  * All versions before 21.2R3-S9-EVO,  * from 21.4-EVO before 21.4R3-S10-EVO,  * from 22.2-EVO before 22.2R3-S5-EVO,  * from 22.3-EVO before 22.3R3-S4-EVO,  * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S2-EVO,  * from 23.4-EVO before 23.4R2-EVO.

Published: 2025-01-09T16:41:09.326Z
Updated: 2025-01-09T19:22:40.654Z

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through the execution of either 'show services advanced-anti-malware' or 'show services security-intelligence' command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS SRX Series: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2.

Published: 2025-01-09T16:39:56.442Z
Updated: 2025-01-09T19:22:48.614Z

A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition. Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * from 23.1 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R2. This issue isn't applicable to any versions of Junos OS before 23.1R1. This issue doesn't affect vSRX Series which doesn't support DHCP Snooping. This issue doesn't affect Junos OS Evolved. There are no indicators of compromise for this issue.

Published: 2025-04-09T19:46:55.976Z
Updated: 2025-04-28T16:21:26.535Z

An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS:  * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6,  * 22.4 versions before 22.4R3-S6,  * 23.2 versions before 23.2R2-S3,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2.

Published: 2025-03-12T13:59:43.038Z
Updated: 2026-02-26T19:09:35.631Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices. When a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this. This issue affects: Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.4 versions before 22.4R3;  Junos OS Evolved:  * All versions before 21.4R3-S7-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 versions before 22.4R3-EVO.

Published: 2024-10-11T15:38:16.861Z
Updated: 2024-10-11T17:13:40.197Z

A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart. Whether the crash occurs, depends on system internal timing that is outside the attackers control. This issue affects Junos OS on SRX Series: * All versions before 21.3R3-S1, * 21.4 versions before 21.4R3, * 22.1 versions before 22.1R2, * 22.2 versions before 22.2R1-S2, 22.2R2.

Published: 2024-10-11T15:37:32.961Z
Updated: 2024-10-11T17:15:46.190Z

An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos). When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart. This issue affects Junos OS: * 22.1 releases 22.1R1 and later before 22.2R3-S5, * 22.3 releases before 22.3R3-S4, * 22.4 releases before 22.4R3-S4, * 23.2 releases before 23.2R2-S2, * 23.4 releases before 23.4R2-S1, * 24.2 releases before 24.2R1-S1, 24.2R2. Please note that the PR does indicate that earlier versions have been fixed as well, but these won't be adversely impacted by this.

Published: 2024-10-11T15:33:08.341Z
Updated: 2024-10-11T17:25:02.384Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Denial-of-Service (DoS). If in a multicast scenario a sequence of specific PIM packets is received, this will cause a flowd crash and restart, which leads to momentary service interruption. This issue affects Junos OS on SRX 4600 and SRX 5000 Series: * All versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.3 versions before 22.3R3-S4, * 22.4 versions before 22.4R3-S4, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2,  * 24.2 versions before 24.2R1-S1, 24.2R2.

Published: 2024-10-11T15:32:17.727Z
Updated: 2024-10-11T17:26:09.773Z

A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart. This issue affects Junos on MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C:  * All version before 21.2R3-S1, * 21.3 versions before 21.3R3,  * 21.4 versions before 21.4R2.

Published: 2024-10-11T15:31:12.115Z
Updated: 2024-10-11T17:31:13.526Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).  In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving a BGP update with a specifically malformed AS PATH attribute over an established BGP session, can cause an RPD crash and restart. This issue affects: Junos OS:  * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4 versions before 21.4R3-S8-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R3-S2-EVO, * 23.2 versions before 23.2R2-S1-EVO, * 23.4 versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Published: 2024-10-11T15:30:36.930Z
Updated: 2024-10-11T17:37:24.608Z

An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart. The following command can be used to monitor the resource usage: user@host> show system processes extensive | match mgd | count This issue affects Junos OS on SRX Series and EX Series: All versions before 21.4R3-S7, from 22.2 before 22.2R3-S4, from 22.3 before 22.3R3-S3, from 22.4 before 22.4R3-S2, from 23.2 before 23.2R2-S1, from 23.4 before 23.4R1-S2, 23.4R2.

Published: 2024-10-11T15:28:49.424Z
Updated: 2024-10-11T17:41:24.159Z

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition. This issue only affects MX Series devices with Line cards MPC1-MPC9. This issue affects: Junos OS on MX Series: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2.

Published: 2024-10-11T15:28:13.727Z
Updated: 2024-10-11T17:42:39.299Z

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recover automatically without user intervention after the crash. This issue affects Junos OS:  * All versions before 21.4R3-S9 * From 22.2 before 22.2R3-S5, * From 22.3 before 22.3R3-S4, * From 22.4 before 22.4R3-S3, * From 23.2 before 23.2R2-S2, * From 23.4 before 23.4R2. This issue does not affect Junos OS Evolved.

Published: 2024-10-11T15:24:35.820Z
Updated: 2024-10-11T17:48:37.447Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes local FPC to eventually run out of memory and crash.   Below CLI command can be used to check the memory usage over a period of time:   user@host> show chassis fpc                 Temp CPU Utilization (%)   CPU Utilization (%) Memory   Utilization (%)   Slot State     (C)  Total  Interrupt     1min   5min   15min DRAM (MB) Heap     Buffer   0 Online       43     41         2                           2048       49         14   1 Online       43     41         2                           2048       49         14   2 Online       43     41         2                           2048       49         14 This issue affects Junos OS on MX Series:  * All versions before 21.2R3-S7,  * from 21.4 before 21.4R3-S6,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R2,  * from 23.4 before 23.4R2.

Published: 2024-10-11T15:24:02.438Z
Updated: 2024-11-08T17:17:27.242Z

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. Continuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices. While this issue affects systems running 32-bit and 64-bit systems, the probability of impact on 64-bit system is extremely low.  According to KB25803 https://supportportal.juniper.net/s/article/Junos-How-to-check-if-Junos-OS-is-64-or-32-bit-on-a-router , customers can confirm 32-bit or 64-bit system via the ' show version detail ' command:      lab@router> show version detail| match 32      JUNOS 32-bit kernel Software Suite       lab@router> show version detail| match 64      JUNOS 64-bit kernel Software Suite  This issue affects:  Juniper Networks Junos OS:  * All versions before 21.4R3-S8,  * from 22.2 before 22.2R3-S4,  * from 22.4 before 22.4R3-S3,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2.  Juniper Networks Junos OS Evolved:  * All versions before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.

Published: 2024-10-11T15:23:08.762Z
Updated: 2024-10-22T19:12:09.407Z

This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects: Junos OS:  * from 22.4 before 22.4R3-S4. Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.

Published: 2025-02-05T15:31:23.063Z
Updated: 2025-02-26T18:16:35.494Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an attacker to send TCP packets with SYN/FIN or SYN/RST flags, bypassing the expected blocking of these packets. A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path are enabled, these TCP packets are unexpectedly transferred to the downstream network. This issue affects Junos OS on SRX4600 and SRX5000 Series: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2.

Published: 2024-07-10T22:46:34.024Z
Updated: 2024-08-02T04:26:15.914Z

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS). The kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected. System kernel memory can be monitored through the use of the 'show system kernel memory' command as shown below: user@router> show system kernel memory   Real memory total/reserved: 4130268/ 133344 Kbytes kmem map free: 18014398509110220 Kbytes This issue affects: Junos OS: * All versions before 20.4R3-S9, * All versions of 21.2, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved: * All versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.

Published: 2024-07-10T22:44:55.736Z
Updated: 2024-10-01T19:16:59.626Z

An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition. This issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash. This issue affects: Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3, * from 22.4 before 22.4R2;  Junos OS Evolved: * All versions before 20.4R3-S10 -EVO, * All versions of 21.2-EVO, * from 21.4-EVO before 21.4R3-S9-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-EVO, * from 22.4-EVO before 22.4R2-EVO.

Published: 2024-07-10T22:40:44.365Z
Updated: 2024-08-13T20:36:57.726Z

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution. By exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow. This issue affects:  Junos OS: * All versions before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2;  Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S2-EVO, * from 23.2-EVO before 23.2R2-EVO, * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.

Published: 2024-07-10T22:38:44.894Z
Updated: 2024-08-02T04:26:15.938Z

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition. Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset: BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list) Only systems with segment routing enabled are vulnerable to this issue. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session. This issue affects: Junos OS: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2. Junos OS Evolved:  * All versions before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.

Published: 2024-07-10T22:36:48.706Z
Updated: 2024-08-02T04:26:15.946Z

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker's control.  However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition. On all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.  Under certain circumstance and with specific timing, this could result in an rpd crash. This issue only affects systems with BGP multipath enabled. This issue affects: Junos OS: * All versions of 21.1 * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * All versions of 21.1-EVO, * All versions of 21.2-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. Versions of Junos OS before 21.1R1 are unaffected by this vulnerability. Versions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability.

Published: 2024-07-10T22:32:34.310Z
Updated: 2024-08-02T04:26:15.931Z

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts. Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. This issue affects: Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2. Juniper Networks Junos OS Evolved: * All versions earlier than 21.2R3-S7; * 21.3-EVO versions earlier than 21.3R3-S5; * 21.4-EVO versions earlier than 21.4R3-S8; * 22.1-EVO versions earlier than 22.1R3-S4; * 22.2-EVO versions earlier than 22.2R3-S3; * 22.3-EVO versions earlier than 22.3R3-S2; * 22.4-EVO versions earlier than 22.4R3; * 23.2-EVO versions earlier than 23.2R2.

Published: 2024-07-11T16:30:36.672Z
Updated: 2024-08-02T04:26:15.942Z

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of  Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).  Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command.   user@host> show usp memory segment sha data objcache jsf  This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:  *  20.4 before 20.4R3-S10,  *  21.2 before 21.2R3-S6,  *  21.3 before 21.3R3-S5,  *  21.4 before 21.4R3-S6,  *  22.1 before 22.1R3-S4,  *  22.2 before 22.2R3-S2,  *  22.3 before 22.3R3-S1,  *  22.4 before 22.4R3,  *  23.2 before 23.2R2.

Published: 2024-07-11T16:29:46.607Z
Updated: 2024-08-02T04:26:15.947Z

A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting rtlogd process.  The memory usage can be monitored using the below command.     user@host> show system processes extensive | match rtlog  This issue affects Junos OS on MX Series with SPC3 line card:  * from 21.2R3 before 21.2R3-S8,  * from 21.4R2 before 21.4R3-S6,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3-S1,  * from 23.2 before 23.2R2,  * from 23.4 before 23.4R2.

Published: 2024-07-11T16:29:03.646Z
Updated: 2024-08-02T04:26:15.926Z

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS). Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd). Memory utilization could be monitored by:  user@host> show system memory or show system monitor memory status This issue affects: Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.

Published: 2024-07-11T16:27:19.238Z
Updated: 2025-02-26T18:16:27.497Z

An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process. While not explicitly required, the impact is more severe when RIB sharding is enabled. Task accounting shows unexpected reads by the RPD Server jobs for shards: user@junos> show task accounting detail ... read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888\ read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888\ This issue affects: Junos OS with cRPD:  * All versions before 21.2R3-S8,  * 21.4 before 21.4R3-S7,  * 22.1 before 22.1R3-S6,  * 22.2 before 22.2R3-S4,  * 22.3 before 22.3R3-S3,  * 22.4 before 22.4R3-S2,  * 23.2 before 23.2R2-S2,  * 24.2 before 24.2R2;  Junos OS Evolved with cRPD:  * All versions before 21.4R3-S7-EVO,  * 22.2 before 22.2R3-S4-EVO,  * 22.3 before 22.3R3-S3-EVO,  * 22.4 before 22.4R3-S2-EVO,  * 23.2 before 23.2R2-EVO.

Published: 2024-10-11T15:20:45.121Z
Updated: 2024-10-11T18:58:50.795Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS). This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S7,  * from 22.1 before 22.1R3-S2,  * from 22.2 before 22.2R3-S1,  * from 22.3 before 22.3R2-S1, 22.3R3,  * from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.

Published: 2024-07-11T16:22:13.915Z
Updated: 2024-08-02T04:26:15.979Z

A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects  Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S2,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO,  * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S2-EVO,  * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R2-EVO.

Published: 2024-07-11T16:21:38.508Z
Updated: 2024-08-02T04:26:15.957Z

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS). This issue can occur in two scenarios: 1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.) 2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. Please note that the CVSS score is for the formally more severe issue 1. The CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) This issue affects Junos OS: * All versions before 21.2R3-S4, * 21.4 versions before 21.4R2, * 22.2 versions before 22.2R3-S2;  Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4 versions before 21.4R2-EVO.

Published: 2024-07-11T16:17:56.613Z
Updated: 2024-08-02T04:26:15.909Z

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart. This issue affects: Junos OS: * 22.4 versions before 22.4R3-S1, * 23.2 versions before 23.2R2,  * 23.4 versions before 23.4R1-S1, 23.4R2,  This issue does not affect Junos OS versions earlier than 22.4R1. Junos OS Evolved: * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO, This issue does not affect Junos OS Evolved versions earlier than before 22.4R1.

Published: 2024-07-11T16:17:20.730Z
Updated: 2024-08-02T04:26:15.778Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage. This issue affects Junos OS: 21.2 releases from 21.2R3-S5 before 21.2R3-S6. This issue does not affect earlier or later releases.

Published: 2024-07-11T16:16:37.977Z
Updated: 2024-08-02T04:26:16.011Z

A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart. This issue affects Junos OS on MX Series: * All version before 21.2R3-S6, * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 22.2R3-S3,  * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.

Published: 2024-07-11T16:15:57.431Z
Updated: 2024-08-02T04:26:15.901Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode. Whether the leak occurs can be monitored with the following CLI command: > show ppm request-queue FPC     Pending-request fpc0                   2 request-total-pending: 2 where a continuously increasing number of pending requests is indicative of the leak.  This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S7, * 22.1 versions before 22.1R3-S4, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2-S2, 22.4R3. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R3-EVO.

Published: 2024-07-11T16:13:24.485Z
Updated: 2024-08-02T04:26:15.613Z

An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.If one or more of the following match conditions ip-source-address ip-destination-address arp-type which are not supported for this type of filter, are used in an ethernet switching filter, and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect. This issue affects Junos OS on QFX5000 Series and EX4600 Series: * All version before 21.2R3-S7,  * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2,  * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. Please note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.

Published: 2024-07-11T16:08:29.431Z
Updated: 2024-08-02T04:26:15.170Z

An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 21.2R3-S9; * 21.4 versions before 21.4R3-S9; * 22.2 versions before 22.2R2-S1, 22.2R3; * 22.3 versions before 22.3R1-S1, 22.3R2; Junos OS Evolved: * All versions before before 22.1R3-EVO; * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.

Published: 2024-07-11T16:06:40.305Z
Updated: 2025-01-07T20:25:28.188Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage. This issue affects Junos OS: * 21.4 versions from 21.4R3 before 21.4R3-S5, * 22.1 versions from 22.1R3 before 22.1R3-S4, * 22.2 versions from 22.2R2 before 22.2R3, * 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3, * 22.4 versions from 22.4R1 before 22.4R2. This issue does not affect Junos OS versions earlier than 21.4.

Published: 2024-07-11T16:04:13.075Z
Updated: 2024-08-02T04:26:15.620Z

A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.

Published: 2024-07-11T16:03:26.980Z
Updated: 2024-08-02T04:26:15.162Z

A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart. This issue affects:    Junos OS: * All versions before 21.2R3-S8,  * 21.4 versions before 21.4R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.   Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S5-EVO, * 22.2-EVO versions before 22.2R3-S3-EVO,  * 22.3-EVO versions before 22.3R3-S2-EVO, * 22.4-EVO versions before 22.4R3-EVO, * 23.2-EVO versions before 23.2R2-EVO.

Published: 2024-07-11T16:02:45.680Z
Updated: 2024-08-02T04:26:15.902Z

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of protected files on the file system. Through the execution of crafted CLI commands, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS on SRX Series:  * All versions before 21.4R3-S8,  * 22.2 before 22.2R3-S5,  * 22.3 before 22.3R3-S4,  * 22.4 before 22.4R3-S4,  * 23.2 before 23.2R2-S2,  * 23.4 before 23.4R2.

Published: 2024-10-11T15:17:27.424Z
Updated: 2024-10-11T19:01:22.194Z

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS).  Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only occurs if DHCP snooping is enabled. See configuration below. This issue can be detected using following commands. Their output will display the interface status going down: user@device>show interfaces <if--x/x/x> user@device>show log messages | match <if--x/x/x> user@device>show log messages ==> will display the "[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no," logs. This issue affects: Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304: * All versions before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.2 before 22.2R3-S3, * all versions of 22.3, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved on PTX Series: * from 19.3R1-EVO before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S5-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S1-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO. Junos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability

Published: 2024-10-11T15:16:49.788Z
Updated: 2024-10-11T19:01:50.987Z

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established.  Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8,  * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S3,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R2;  Junos OS Evolved:  * All versions before 21.2R3-S8-EVO,  * from 21.4-EVO before 21.4R3-S8-EVO,  * from 22.2-EVO before 22.2R3-S4-EVO,  * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO,  * from 23.2-EVO before 23.2R2-S1-EVO,  * from 23.4-EVO before 23.4R2-EVO.

Published: 2024-10-09T20:01:20.604Z
Updated: 2024-10-11T15:15:51.339Z

A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS). When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.  This issue is only seen when telemetry subscription is active. The Heap memory utilization can be monitored using the following command:   > show system processes extensive The following command can be used to monitor the memory utilization of the specific sensor   > show system info | match sensord PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32 This issue affects Junos OS:  * from 21.2R3-S5 before 21.2R3-S7,  * from 21.4R3-S4 before 21.4R3-S6,  * from 22.2R3 before 22.2R3-S4,  * from 22.3R2 before 22.3R3-S2,  * from 22.4R1 before 22.4R3,  * from 23.2R1 before 23.2R2.

Published: 2024-07-10T23:07:59.646Z
Updated: 2024-08-02T04:26:15.900Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS). In an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services. This issue affects both IPv4 and IPv6 implementations. This issue affects Junos OS: All versions earlier than 21.4R3-S7; 22.1 versions earlier than 22.1R3-S5; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S3; 22.4 versions earlier than 22.4R3-S2; 23.2 versions earlier than 23.2R2; 23.4 versions earlier than 23.4R1-S1. Junos OS Evolved: All versions earlier than 21.4R3-S7-EVO; 22.1-EVO versions earlier than 22.1R3-S5-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S3-EVO; 22.4-EVO versions earlier than 22.4R3-S2-EVO; 23.2-EVO versions earlier than 23.2R2-EVO; 23.4-EVO versions earlier than 23.4R1-S1-EVO, 23.4R2-EVO.

Published: 2024-07-10T23:06:40.329Z
Updated: 2024-08-02T04:26:15.885Z

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems configured in either of two ways: * systems with BGP traceoptions enabled * systems with BGP traffic engineering configured This issue can affect iBGP and eBGP with any address family configured. The specific attribute involved is non-transitive, and will not propagate across a network. This issue affects: Junos OS:  * All versions before 21.4R3-S8, * 22.2 before 22.2R3-S5,  * 22.3 before 22.3R3-S4,  * 22.4 before 22.4R3-S3,  * 23.2 before 23.2R2-S2,  * 23.4 before 23.4R2;  Junos OS Evolved:  * All versions before 21.4R3-S8-EVO,  * 22.2-EVO before 22.2R3-S5-EVO,  * 22.3-EVO before 22.3R3-S4-EVO,  * 22.4-EVO before 22.4R3-S3-EVO,  * 23.2-EVO before 23.2R2-S2-EVO,  * 23.4-EVO before 23.4R2-EVO.

Published: 2024-10-09T20:00:59.383Z
Updated: 2024-10-16T21:11:11.721Z

An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. In some cases, rpd fails to restart requiring a manual restart via the 'restart routing' CLI command. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS:  * All versions before 21.4R3-S8,  * 22.2 before 22.2R3-S5,  * 22.3 before 22.3R3-S4,  * 22.4 before 22.4R3-S3,  * 23.2 before 23.2R2-S2,  * 23.4 before 23.4R2;  Junos OS Evolved:  * All versions before 21.4R3-S8-EVO,  * 22.2-EVO before 22.2R3-S5-EVO,  * 22.3-EVO before 22.3R3-S4-EVO,  * 22.4-EVO before 22.4R3-S3-EVO,  * 23.2-EVO before 23.2R2-S2-EVO,  * 23.4-EVO before 23.4R2-EVO.

Published: 2024-10-09T20:00:39.888Z
Updated: 2024-10-11T15:12:59.546Z

An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition. This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled. This issue affects Junos OS: * All versions before 20.4R3-S10,  * from 21.4 before 21.4R3-S6,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R2; Junos OS Evolved: * All versions before 20.4R3-S10-EVO,  * from 21.4-EVO before 21.4R3-S6-EVO,  * from 22.1-EVO before 22.1R3-S5-EVO,  * from 22.2-EVO before 22.2R3-S3-EVO,  * from 22.3-EVO before 22.3R3-S2-EVO,  * from 22.4-EVO before 22.4R3-EVO,  * from 23.2-EVO before 23.2R2-EVO.

Published: 2024-07-10T23:05:27.050Z
Updated: 2024-08-02T04:26:15.815Z

An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS). On running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly. When the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts. This issue affects Junos OS: * All versions before 20.4R3-S10; * 21.2 versions before 21.2R3-S7; * 21.4 versions before 21.4R3-S6; * 22.1 versions before 22.1R3-S5; * 22.2 versions before 22.2R3-S3; * 22.3 versions before 22.3R3-S2; * 22.4 versions before 22.4R3-S1; * 23.2 versions before 23.2R2.

Published: 2024-07-10T22:58:06.058Z
Updated: 2024-08-02T04:26:15.455Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service.  This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2. Junos OS Evolved:  * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO.

Published: 2024-04-12T15:03:21.656Z
Updated: 2024-08-02T01:32:07.262Z

An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.

Published: 2024-04-12T15:04:23.911Z
Updated: 2024-08-12T17:24:28.664Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition. This issue affects: Junos OS: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Junos OS Evolved: * All versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R2-EVO.

Published: 2024-04-12T15:27:33.140Z
Updated: 2024-08-02T01:32:07.233Z

An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2;  This issue does not affect: * versions of Junos OS prior to 20.3R1; * any version of Junos OS 20.4.

Published: 2024-04-12T15:26:58.419Z
Updated: 2024-08-02T01:32:07.287Z

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state. This issue affects Junos OS:   * 21.2 before 21.2R3-S7, * 21.4 before 21.4R3-S6,  * 22.1 before 22.1R3-S5, * 22.2 before 22.2R3-S3, * 22.3 before 22.3R3-S2, * 22.4 before 22.4R3, * 23.2 before 23.2R1-S2, 23.2R2.

Published: 2024-04-12T15:26:27.402Z
Updated: 2024-08-08T20:28:23.510Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command:   root@srx> show system processes extensive | match pkid   xxxxx  root  103  0  846M  136M  CPU1  1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S10; * 21.2 versions prior to 21.2R3-S7; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2.

Published: 2024-04-12T15:25:54.567Z
Updated: 2024-08-02T01:32:07.245Z

An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects: Junos OS: * all versions before 21.2R3-S7,  * from 21.3 before 21.3R3-S5,  * from 21.4 before 21.4R3-S5,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R1-S2, 23.2R2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO,  * from 21.3-EVO before 21.3R3-S5-EVO,  * from 21.4-EVO before 21.4R3-S5-EVO,  * from 22.2-EVO before 22.2R3-S3-EVO,  * from 22.3-EVO before 22.3R3-S2-EVO,  * from 22.4-EVO before 22.4R3-EVO,  * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. This is a related but separate issue than the one described in JSA75739

Published: 2024-04-12T15:07:20.344Z
Updated: 2024-08-02T01:32:07.173Z

A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * all versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.

Published: 2024-04-12T15:07:36.080Z
Updated: 2024-08-02T01:32:07.269Z

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3.

Published: 2024-04-12T15:07:48.287Z
Updated: 2024-08-02T01:32:07.121Z

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: * All versions before 20.4R3-S7, * 21.1 versions before 21.1R3,  * 21.2 versions before 21.2R2-S1, 21.2R3,  * 21.3 versions before 21.3R1-S2, 21.3R2.

Published: 2024-04-12T15:25:24.733Z
Updated: 2024-08-09T20:08:44.052Z

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1.

Published: 2024-04-12T15:24:09.806Z
Updated: 2024-08-02T01:32:07.280Z

An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss. This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series: * 20.4 versions from 20.4R3-S4 before 20.4R3-S8, * 21.2 versions from 21.2R3-S2 before 21.2R3-S6, * 21.4 versions from 21.4R2 before 21.4R3-S4, * 22.1 versions from 22.1R2 before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2-S1, 22.4R3.

Published: 2024-04-12T15:09:12.944Z
Updated: 2024-08-02T01:32:07.381Z

A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: * All versions before 20.4R3-S9, * 21.2 versions before 21.2R3-S5,  * 21.3 versions before 21.3R3-S5,  * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S2, * 22.2 versions before 22.2R3-S2, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2.

Published: 2024-04-12T15:20:04.679Z
Updated: 2024-08-02T01:32:07.093Z

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control. This issue affects: Junos OS:  * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3,, * 22.4 versions before 22.4R2; Junos OS Evolved:  * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO,  * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO.

Published: 2024-04-12T15:23:24.249Z
Updated: 2024-08-02T01:32:07.240Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers.  This issue affects Junos OS:  All versions before 20.4R3-S10, 21.2 versions before 21.2R3-S7, 21.4 versions before 21.4R3-S6.

Published: 2024-04-12T15:22:40.490Z
Updated: 2024-08-02T01:32:07.095Z

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below). This issue affects: Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2; Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO.

Published: 2024-04-12T15:22:03.210Z
Updated: 2024-08-02T01:32:07.236Z

An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV. The l2cpd process is responsible for layer 2 control protocols, such as STP, RSTP, MSTP, VSTP, ERP, and LLDP.  The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP, leading to a Denial of Service.  Continued receipt and processing of this specific TLV will create a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: all versions before 20.4R3-S9, from 21.2 before 21.2R3-S7, from 21.3 before 21.3R3-S5, from 21.4 before 21.4R3-S4, from 22.1 before 22.1R3-S4, from 22.2 before 22.2R3-S2, from 22.3 before 22.3R2-S2, 22.3R3-S1, from 22.4 before 22.4R2-S2, 22.4R3, from 23.2 before 23.2R1-S1, 23.2R2; Junos OS Evolved: all versions before 21.2R3-S7, from 21.3 before 21.3R3-S5-EVO, from 21.4 before 21.4R3-S5-EVO, from 22.1 before 22.1R3-S4-EVO, from 22.2 before 22.2R3-S2-EVO, from 22.3 before 22.3R2-S2-EVO, 22.3R3-S1-EVO, from 22.4 before 22.4R2-S2-EVO, 22.4R3-EVO, from 23.2 before 23.2R1-S1-EVO, 23.2R2-EVO.

Published: 2024-04-16T20:04:53.599Z
Updated: 2024-08-02T01:32:07.069Z

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition.  The process crashes and restarts automatically. When specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash.  This process manages and controls the configuration of broadband subscriber sessions and services.  While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition. This issue only occurs if Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled. This issue affects Junos OS: * All versions before 20.4R3-S5, * from 21.1 before 21.1R3-S4, * from 21.2 before 21.2R3-S3, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3, * from 22.2 before 22.2R3, * from 22.3 before 22.3R2;

Published: 2024-04-16T20:03:56.292Z
Updated: 2024-08-02T01:32:07.268Z

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2.

Published: 2024-01-25T22:50:18.164Z
Updated: 2025-05-29T15:18:51.087Z

A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

Published: 2024-01-25T22:48:16.839Z
Updated: 2025-06-17T21:19:30.229Z

An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4,  * from 22.1 before 22.1R3-S4,  * from 22.2 before 22.2R3-S2,  * from 22.3 before 22.3R2-S2, 22.3R3-S1,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO,  * from 22.1-EVO before 22.1R3-S4-EVO,  * from 22.2-EVO before 22.2R3-S2-EVO,  * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,  * from 22.4-EVO before 22.4R3-EVO,  * from 23.2-EVO before 23.2R2-EVO. This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO.

Published: 2024-04-12T14:55:52.241Z
Updated: 2024-08-01T22:27:35.779Z

An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. The memory usage can be monitored using the below commands. user@host> show chassis routing-engine no-forwarding user@host> show system memory | no-more This issue affects: Juniper Networks Junos OS * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S1, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2. This issue does not affect Junos OS versions earlier than 20.4R3-S7.

Published: 2024-01-12T00:57:00.195Z
Updated: 2025-06-17T21:09:20.967Z

An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage source-pool <source_pool_name> Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.

Published: 2024-01-12T00:56:20.566Z
Updated: 2025-06-17T14:43:11.964Z

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before 21.2R3-S7,  * from 21.4 before 21.4R3-S5,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R1-S2. Junos OS Evolved:  * all versions before 21.2R3-S7-EVO,  * from 21.3 before 21.3R3-S5-EVO,  * from 21.4 before 21.4R3-S5-EVO,  * from 22.1 before 22.1R3-S5-EVO,  * from 22.2 before 22.2R3-S3-EVO,  * from 22.3 before 22.3R3-S2-EVO, * from 22.4 before 22.4R3-EVO,  * from 23.2 before 23.2R1-S2.

Published: 2024-04-12T14:55:36.105Z
Updated: 2024-08-01T22:27:35.780Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS * 22.2 versions earlier than 22.2R2-S2, 22.2R3; * 22.3 versions earlier than 22.3R2, 22.3R3. Juniper Networks Junos OS Evolved * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO. This issue does not affect Juniper Networks: Junos OS versions earlier than 22.2R1; Junos OS Evolved versions earlier than 22.2R1-EVO.

Published: 2024-01-12T00:56:05.953Z
Updated: 2025-06-17T21:09:20.833Z

A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart. The memory usage can be monitored using the below command. user@host> show task memory detail | match patroot This issue affects: Juniper Networks Junos OS * All versions earlier than 21.2R3-S3; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-EVO; * 22.1 versions earlier than 22.1R3-EVO; * 22.2 versions earlier than 22.2R3-EVO.

Published: 2024-01-12T00:55:51.011Z
Updated: 2025-06-17T21:09:20.684Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd. Thread level memory utilization for the areas where the leak occurs can be checked using the below command: user@host> show task memory detail | match so_in so_in6 28 32 344450 11022400 344760 11032320 so_in 8 16 1841629 29466064 1841734 29467744 This issue affects: Junos OS * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Junos OS Evolved * 21.4-EVO versions earlier than 21.4R3-EVO; * 22.1-EVO versions earlier than 22.1R3-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO. This issue does not affect: Juniper Networks Junos OS versions earlier than 21.4R1. Juniper Networks Junos OS Evolved versions earlier than 21.4R1.

Published: 2024-01-12T00:55:22.381Z
Updated: 2025-06-17T21:09:20.069Z

An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled CoS scenario with 1000s of interfaces, when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached, new sessions can't be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command:   user@host> show system processes extensive | match mgd | match sbwait This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

Published: 2024-04-12T14:55:15.514Z
Updated: 2025-05-19T09:22:18.640Z

A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command:   user@host> show system processes extensive | grep iked           PID USERNAME   PRI NICE   SIZE   RES   STATE   C TIME WCPU COMMAND           56903 root       31   0     4016M 2543M CPU0   0 2:10 10.50% iked This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

Published: 2024-04-12T14:55:00.663Z
Updated: 2024-08-01T22:27:35.671Z

An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.

Published: 2024-01-12T00:55:07.323Z
Updated: 2025-06-17T21:09:19.924Z

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3.

Published: 2024-01-12T00:54:51.832Z
Updated: 2025-06-17T21:09:19.784Z

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device. This issue affects Juniper Networks Junos OS: * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6; * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4; * 22.2 version 22.2R2 and later versions earlier than 22.2R3-S2; * 22.3 version 22.3R2 and later versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4.

Published: 2024-04-12T14:54:46.590Z
Updated: 2024-08-09T20:09:26.830Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Network Junos OS on MX Series allows a network based attacker with low privileges to cause a denial of service. If a scaled configuration for Source class usage (SCU) / destination class usage (DCU) (more than 10 route classes) is present and the SCU/DCU statistics are gathered by executing specific SNMP requests or CLI commands, a 'vmcore' for the RE kernel will be seen which leads to a device restart. Continued exploitation of this issue will lead to a sustained DoS. This issue only affects MX Series devices with MPC10, MPC11 or LC9600, and MX304. No other MX Series devices are affected. This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R2; * 22.3 versions earlier than 22.3R2.

Published: 2024-01-12T00:54:22.697Z
Updated: 2025-06-17T21:09:19.638Z

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). On SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads can not be triggered externally, so the exploitation of this race condition is outside the attackers direct control. Continued exploitation of this issue will lead to a sustained DoS. This issue affects Juniper Networks Junos OS: * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2-S1, 22.4R3. This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.

Published: 2024-01-12T00:53:54.163Z
Updated: 2024-11-14T14:40:02.161Z

An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and if the FTI tunnel is down, these will hit the reject NH, due to which the packets get sent to the CPU and cause a host path wedge condition. This will cause the FPC to hang and requires a manual restart to recover. Please note that this issue specifically affects PTX1000, PTX3000, PTX5000 with FPC3, PTX10002-60C, and PTX10008/16 with LC110x. Other PTX Series devices and Line Cards (LC) are not affected. The following log message can be seen when the issue occurs: Cmerror Op Set: Host Loopback: HOST LOOPBACK WEDGE DETECTED IN PATH ID <id> (URI: /fpc/<fpc>/pfe/<pfe>/cm/<cm>/Host_Loopback/<cm>/HOST_LOOPBACK_MAKE_CMERROR_ID[<id>]) This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S8; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R2-S2, 22.1R3; * 22.2 versions earlier than 22.2R2-S1, 22.2R3.

Published: 2024-01-12T00:53:38.834Z
Updated: 2025-06-17T21:09:19.373Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart. To monitor for this issue, please use the following FPC vty level commands: show heap shows an increase in "LAN buffer" utilization and show clksync ptp nbr-upd-info shows non-zero "Pending PFEs" counter. This issue affects Juniper Networks Junos OS on MX Series with MPC3E: * All versions earlier than 20.4R3-S3; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3; * 21.3 versions earlier than 21.3R2-S1, 21.3R3; * 21.4 versions earlier than 21.4R2; * 22.1 versions earlier than 22.1R2.

Published: 2024-01-12T00:53:23.497Z
Updated: 2025-06-16T18:33:32.215Z

An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO; This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO. This is a related but separate issue than the one described in JSA79095.

Published: 2024-04-12T14:54:23.761Z
Updated: 2024-08-01T22:27:36.007Z

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.

Published: 2024-01-12T00:53:07.122Z
Updated: 2025-06-03T14:05:47.674Z

A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is not impacted by this issue and there is no impact on traffic. This issue only affects devices with NSR enabled. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.

Published: 2024-01-12T00:52:52.522Z
Updated: 2024-09-25T19:17:45.753Z

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.

Published: 2024-01-12T00:52:35.433Z
Updated: 2024-09-03T18:13:05.922Z

A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.

Published: 2024-01-12T00:52:18.218Z
Updated: 2025-06-03T14:05:53.514Z

An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304. This issue affects: Juniper Networks Junos OS 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2.

Published: 2024-04-12T14:54:08.039Z
Updated: 2024-08-01T22:27:35.554Z

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

Published: 2024-01-12T00:52:04.028Z
Updated: 2024-10-25T20:23:00.384Z

An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue. Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation. user@junos> show system processes extensive | match bbe-smgd 13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd} 13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd} ... user@junos> show system processes extensive | match bbe-smgd 13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd} 13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd} ... This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.

Published: 2024-01-12T00:51:30.990Z
Updated: 2025-06-03T14:05:59.834Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an affected device receives specific valid traffic destined to the device, it will cause the PFE to crash and restart. Continued receipt and processing of this traffic will create a sustained DoS condition. This issue affects Junos OS on SRX Series: * 21.4 versions before 21.4R3-S7.9, * 22.1 versions before 22.1R3-S5.3, * 22.2 versions before 22.2R3-S4.11, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R3. This issue affects Junos OS on NFX Series: * 21.4 versions before 21.4R3-S8, * 22.1 versions after 22.1R1, * 22.2 versions before 22.2R3-S5, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R3. Junos OS versions prior to 21.4R1 are not affected by this issue.

Published: 2024-07-01T16:34:21.768Z
Updated: 2024-08-01T22:27:34.830Z

An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition. This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S1-EVO; * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.

Published: 2024-01-12T00:50:59.105Z
Updated: 2024-11-14T14:40:50.210Z

An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO;

Published: 2023-10-12T23:06:37.422Z
Updated: 2024-09-17T16:09:18.179Z

An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2.

Published: 2023-10-12T23:06:21.471Z
Updated: 2024-09-17T16:09:42.727Z

An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO.

Published: 2023-10-12T23:06:03.943Z
Updated: 2024-09-17T16:09:58.894Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S4; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R1-S1, 22.2R2.

Published: 2023-10-12T23:05:52.303Z
Updated: 2024-09-18T14:33:48.227Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: * 20.4 versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. This issue doesn't not affected releases prior to 20.4R1.

Published: 2023-10-12T23:05:42.031Z
Updated: 2024-09-18T14:41:11.841Z

An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later versions; * 21.2-EVO versions prior to 21.2R3-S2-EVO; * 21.3-EVO version 21.3R1-EVO and later versions; * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.

Published: 2023-10-12T23:05:23.526Z
Updated: 2024-09-19T13:07:14.586Z

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S1.

Published: 2023-10-12T23:04:18.124Z
Updated: 2025-02-27T20:41:40.825Z

An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S1; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2.

Published: 2023-10-12T23:04:00.332Z
Updated: 2024-09-17T16:10:44.571Z

An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS). On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause memory leak to reach 99% and then cause the protocols to stop working and traffic is impacted, leading to Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak. To confirm the memory leak, monitor for "sheaf:possible leak" and "vtep not found" messages in the logs. This issue affects: Juniper Networks Junos OS QFX5000 Series: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2.

Published: 2023-10-12T23:03:45.324Z
Updated: 2024-09-18T14:21:02.483Z

An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1

Published: 2023-10-12T23:03:20.746Z
Updated: 2024-09-19T14:14:17.438Z

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition. This issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart. Note: jkdsd is not shipped with SRX Series devices and therefore are not affected by this vulnerability. This issue affects: Juniper Networks Junos OS: * 20.4 versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.1 versions prior to 23.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.

Published: 2023-10-11T20:55:03.190Z
Updated: 2024-08-02T19:59:51.590Z

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition. This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. This issue affects: Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions prior to 22.2R3-S2-EVO; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.

Published: 2023-10-11T20:08:26.308Z
Updated: 2024-12-03T14:49:41.755Z

An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects: * Juniper Networks Junos OS: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S6-EVO; * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO versions prior to 21.3R3-S3-EVO; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-EVO; * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.

Published: 2023-10-12T23:02:53.740Z
Updated: 2024-09-19T13:09:31.750Z

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO. An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command: mgd process example: user@device-re#> show system processes extensive | match "mgd|PID" | except last PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage. Example to check for NETCONF activity: While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'" For example: mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'

Published: 2023-10-12T23:02:34.571Z
Updated: 2024-09-17T16:11:00.874Z

An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur. An indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing. Use the following command to determine if FPC0 has gone missing from the device. show chassis fpc detail This issue affects: Juniper Networks Junos OS on QFX5000 Series, EX4600 Series: * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2.

Published: 2023-10-12T23:02:20.206Z
Updated: 2024-09-18T14:41:31.480Z

An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur. Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S3-EVO; * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.

Published: 2023-10-12T23:01:52.460Z
Updated: 2025-02-27T20:41:46.766Z

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMPv6 packets are present on device. This issue affects Juniper Networks: Junos OS * All versions prior to 20.2R3-S6 on QFX5k; * 20.3 versions prior to 20.3R3-S5 on QFX5k; * 20.4 versions prior to 20.4R3-S5 on QFX5k; * 21.1 versions prior to 21.1R3-S4 on QFX5k; * 21.2 versions prior to 21.2R3-S3 on QFX5k; * 21.3 versions prior to 21.3R3-S2 on QFX5k; * 21.4 versions prior to 21.4R3 on QFX5k; * 22.1 versions prior to 22.1R3 on QFX5k; * 22.2 versions prior to 22.2R2 on QFX5k.

Published: 2023-10-12T23:01:38.150Z
Updated: 2024-09-18T14:43:54.724Z

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1; * 23.2 versions prior to 23.2R2.

Published: 2023-10-12T23:01:04.910Z
Updated: 2024-09-18T14:42:48.225Z

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R2. Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S1-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO.

Published: 2023-10-12T23:00:43.889Z
Updated: 2024-09-19T13:10:23.081Z

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3.

Published: 2023-10-12T23:00:51.422Z
Updated: 2024-09-19T13:09:58.159Z

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO.

Published: 2023-10-12T22:59:53.340Z
Updated: 2024-09-19T13:10:45.668Z

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 21.2 versions prior to 21.2R3-S8; * 21.4 versions prior to 21.4R3-S6; * 22.1 versions prior to 22.1R3-S5; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S2; * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2.

Published: 2023-09-26T19:53:17.080Z
Updated: 2025-10-21T23:05:36.801Z

An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management(CFM) module of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an adjacent attacker on the local broadcast domain to cause a Denial of Service(DoS). Upon receiving a malformed CFM packet, the MPC crashes. Continued receipt of these packets causes a sustained denial of service. This issue can only be triggered when CFM hasn't been configured. This issue affects: Juniper Networks Junos OS All versions prior to 19.1R3-S10 on MX Series; 19.2 versions prior to 19.2R3-S7 on MX Series; 19.3 versions prior to 19.3R3-S8 on MX Series; 19.4 versions prior to 19.4R3-S12 on MX Series; 20.1 version 20.1R1 and later versions on MX Series; 20.2 versions prior to 20.2R3-S7 on MX Series; 20.3 version 20.3R1 and later versions on MX Series; 20.4 versions prior to 20.4R3-S7 on MX Series; 21.1 versions prior to 21.1R3-S5 on MX Series; 21.2 versions prior to 21.2R3-S4 on MX Series; 21.3 versions prior to 21.3R3-S4 on MX Series; 21.4 versions prior to 21.4R3-S3 on MX Series; 22.1 versions prior to 22.1R3-S2 on MX Series; 22.2 versions prior to 22.2R3 on MX Series; 22.3 versions prior to 22.3R2, 22.3R3 on MX Series; 22.4 versions prior to 22.4R2 on MX Series.

Published: 2023-07-14T18:06:02.496Z
Updated: 2024-10-22T14:07:27.793Z

An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R3-S2-EVO; 22.1-EVO versions prior to 22.1R3-S3-EVO; 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; 22.3-EVO versions prior to 22.3R2-EVO.

Published: 2023-07-14T17:58:25.911Z
Updated: 2024-10-22T14:18:47.090Z

An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface. This issue affects Juniper Networks Junos OS: versions prior to 19.1R3-S10 on MX Series; 19.2 versions prior to 19.2R3-S7 on MX Series; 19.3 versions prior to 19.3R3-S8 on MX Series; 19.4 versions prior to 19.4R3-S12 on MX Series; 20.1 version 20.1R1 and later versions on MX Series; 20.2 versions prior to 20.2R3-S8 on MX Series; 20.3 version 20.3R1 and later versions on MX Series; 20.4 versions prior to 20.4R3-S7 on MX Series; 21.1 versions prior to 21.1R3-S5 on MX Series; 21.2 versions prior to 21.2R3-S5 on MX Series; 21.3 versions prior to 21.3R3-S4 on MX Series; 21.4 versions prior to 21.4R3-S4 on MX Series; 22.1 versions prior to 22.1R3-S3 on MX Series; 22.2 versions prior to 22.2R3-S1 on MX Series; 22.3 versions prior to 22.3R3 on MX Series; 22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.

Published: 2023-07-14T17:52:37.019Z
Updated: 2024-10-22T14:19:00.639Z

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.

Published: 2023-08-17T19:16:53.657Z
Updated: 2025-10-21T23:05:40.988Z

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain  part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.

Published: 2023-08-17T19:18:00.406Z
Updated: 2025-10-21T23:05:40.458Z

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.

Published: 2023-08-17T19:17:57.183Z
Updated: 2025-10-21T23:05:40.639Z

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.

Published: 2023-08-17T19:17:47.904Z
Updated: 2025-10-21T23:05:40.828Z

An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device. This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’). This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8, 20.4R3-S9; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3;

Published: 2023-10-12T22:58:49.192Z
Updated: 2024-09-18T17:53:30.073Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS). On Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R2.

Published: 2024-01-12T00:48:25.108Z
Updated: 2025-06-17T21:09:17.603Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover. This issue affects interfaces with PPPoE configured and tcp-mss enabled. This issue affects Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2;

Published: 2023-10-12T22:58:14.922Z
Updated: 2024-09-18T18:01:47.921Z

A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S10; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R2; Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S7-EVO; 21.1 versions prior to 21.1R3-S3-EVO; 21.2 versions prior to 21.2R3-S5-EVO; 21.3 versions prior to 21.3R3-S4-EVO; 21.4 versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO; 22.3 versions prior to 22.3R2-EVO;

Published: 2023-07-14T17:43:15.282Z
Updated: 2024-10-22T14:19:42.371Z

An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS). This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2; Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 version 21.1R1-EVO and later versions; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S3-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R1-S1-EVO;

Published: 2023-10-12T22:56:24.897Z
Updated: 2024-09-18T18:03:21.702Z

An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS). If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2.

Published: 2023-07-14T16:26:24.554Z
Updated: 2024-10-22T14:31:56.652Z

A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attackers control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS 19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9; 20.1 version 20.1R2 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S6-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-S1-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO.

Published: 2023-07-14T17:33:18.923Z
Updated: 2024-10-22T14:19:27.801Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service (DoS). If a specific valid IP packet is received and that packet needs to be routed over a VXLAN tunnel, this will result in a PFE wedge condition due to which traffic gets impacted. As this is not a crash and restart scenario, this condition will persist until the system is rebooted to recover. This issue affects Juniper Networks Junos OS on QFX10000: 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S5; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S2, 22.3R2.

Published: 2023-07-14T17:11:26.454Z
Updated: 2024-11-07T14:24:52.880Z

An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS). If an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted. This issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series: 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2.

Published: 2023-07-14T17:04:36.052Z
Updated: 2024-10-22T14:30:54.560Z

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue is only triggered by packets destined to a local-interface via a service-interface (AMS). AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards. This issue is not experienced on other types of interfaces or configurations. Additionally, transit traffic does not trigger this issue. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S5; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S2; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2-S1, 22.3R3; 22.4 versions prior to 22.4R1-S2, 22.4R2.

Published: 2023-07-14T15:56:44.005Z
Updated: 2024-11-07T14:37:52.265Z

An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system. The jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability. This issue affects Juniper Networks Junos OS on SRX Series: 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2-S1, 22.3R3; 22.4 versions prior to 22.4R1-S2, 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.

Published: 2023-07-14T14:56:32.306Z
Updated: 2024-11-07T14:41:49.644Z

An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition. On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core. This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598. In order to identify the current SigPack version, following command can be used: user@junos# show security idp security-package-version

Published: 2023-07-14T16:34:24.993Z
Updated: 2024-11-07T14:28:11.378Z

A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attackers direct control. This issue affects: Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series; 20.2 versions prior to 20.2R3-S7 on QFX Series; 20.3 versions prior to 20.3R3-S6 on QFX Series; 20.4 versions prior to 20.4R3-S5 on QFX Series; 21.1 versions prior to 21.1R3-S4 on QFX Series; 21.2 versions prior to 21.2R3-S3 on QFX Series; 21.3 versions prior to 21.3R3-S3 on QFX Series; 21.4 versions prior to 21.4R3 on QFX Series; 22.1 versions prior to 22.1R3 on QFX Series; 22.2 versions prior to 22.2R2 on QFX Series.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-05T21:26:52.313Z

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated memory will leak. As rpd memory usage increases over time the rpd process will eventually run out of memory, crash, and restart. The memory utilization can be monitored with the following CLI commands: show task memory show system processes extensive | match rpd This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-05T21:39:58.563Z

An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-05T21:40:20.322Z

A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes). This issue affects: Juniper Networks Junos OS * 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6; * 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5; * 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4 * 21.1 version 21.1R3 and later versions prior to 21.1R3-S3; * 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2; * 21.3 version 21.3R2 and later versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S1, 21.4R3; * 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved * 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO; * 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO; * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; * 22.1-EVO versions prior to 22.1R2-EVO.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-05T21:41:05.635Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop specific malformed IPv6 packets, and then these packets will be forwarded to other connected networks. This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-26T19:21:39.224Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If specific traffic is received on MX Series and its rate exceeds the respective DDoS protection limit the ingress PFE will crash and restart. Continued receipt of this traffic will create a sustained DoS condition. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-05T21:42:26.215Z

An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). When certain USB devices are connected to a USB port of the routing-engine (RE), the kernel will crash leading to a reboot of the device. The device will continue to crash as long as the USB device is connected. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R2, 22.2R3; 22.3 versions prior to 22.3R1-S1, 22.3R2; 22.4 versions prior to 22.4R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-05T21:42:59.703Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the bbe-smgd of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In a Broadband Edge / Subscriber Management scenario on MX Series when a specifically malformed ICMP packet addressed to the device is received from a subscriber the bbe-smgd will crash, affecting the subscriber sessions that are connecting, updating, or terminating. Continued receipt of such packets will lead to a sustained DoS condition. When this issue happens the below log can be seen if the traceoptions for the processes smg-service are enabled: BBE_TRACE(TRACE_LEVEL_INFO, "%s: Dropped unsupported ICMP PKT ... This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S2, 22.3R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-06T14:35:16.889Z

An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-26T19:20:42.081Z

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by an attacker on the local broadcast domain. Packets routed to the device are unable to trigger this crash. This issue affects Juniper Networks Junos OS on JRR200: All versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S2, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-06T14:36:49.995Z

An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead begin to not take action and to pass the traffic through. An example session can be seen by running the following command and evaluating the output. user@device# run show security flow session source-prefix <address/mask> extensive Session ID: <session ID>, Status: Normal, State: Active Policy name: <name of policy> Dynamic application: junos:UNKNOWN, <<<<< LOOK HERE Please note, the JDPI-Decoder and the AppID SigPack are both affected and both must be upgraded along with the operating system to address the matter. By default, none of this is auto-enabled for automatic updates. This issue affects: Juniper Networks any version of the JDPI-Decoder Engine prior to version 5.7.0-47 with the JDPI-Decoder enabled using any version of the AppID SigPack prior to version 1.550.2-31 (SigPack 3533) on Junos OS on SRX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2;

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-06T14:37:27.516Z

A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP packets will cause a sustained Denial of Service condition. This issue is triggerable in both iBGP and eBGP deployments. This issue affects: Juniper Networks Junos OS 21.1 version 21.1R1 and later versions prior to 21.1R3-S5; 21.2 version 21.2R1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R1 and later versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. This issue affects: Juniper Networks Junos OS Evolved 21.1-EVO version 21.1R1-EVO and later versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-05T21:46:57.008Z

An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Storm control monitors the level of applicable incoming traffic and compares it with the level specified. If the combined level of the applicable traffic exceeds the specified level, the switch drops packets for the controlled traffic types. This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-06T14:38:56.341Z

An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Upon receipt of a malformed BGP flowspec update, RPD will crash resulting in a Denial of Service. This issue affects Juniper Networks Junos OS: All versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2; Juniper Networks Junos OS Evolved: All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO; 20.3 versions prior to 20.3R2-EVO;

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-06T14:39:18.192Z

An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-06T14:39:40.830Z

An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 version 21.1R1 and later versions; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-06T14:40:04.334Z

An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An indication that the filter was not installed can be identified with the following logs: fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Config failed: Unsupported Ip-protocol 51 in the filter lo0.0-inet6-i fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Please detach the filter, remove unsupported match and re-attach fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_rule : Status:104 dnx_dfw_rule_prepare failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_filter : Status:104 dnx_dfw_process_rule failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_filter_in_hw : Status:104 Could not process filter(lo0.0-inet6-i) for rule expansion Unsupported match, action present. fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_create_hw_instance : Status:104 Could not program dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER)! [104] fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_bind_shim : [104] Could not create dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER) fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_resolve : [100] Failed to bind filter(3) to bind point fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_change_end : dnx_dfw_update_resolve (resolve type) failed This issue affects Juniper Networks Junos OS on ACX Series: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-06T14:40:32.215Z

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than the inbound PFE to wedge and to eventually restart, resulting in a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by sending a specific malformed packet to the device. Transit traffic does not trigger this issue. An indication of this issue occurring can be seen through the following log messages: fpc0 expr_hostbound_packet_handler: Receive pe 73? fpc0 Cmerror Op Set: PE Chip: PE0[0]: PGQ:misc_intr: 0x00000020: Enqueue of a packet with out-of-range VOQ in 192K-VOQ mode (URI: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL) The logs list below can also be observed when this issue occurs fpc0 Error: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL (0x210107), scope: pfe, category: functional, severity: major, module: PE Chip, type: Description for PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL fpc0 Performing action cmalarm for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL (0x210107) in module: PE Chip with scope: pfe category: functional level: major fpc0 Error: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a), scope: pfe, category: functional, severity: fatal, module: PE Chip, type: Description for PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE fpc0 Performing action cmalarm for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a) in module: PE Chip with scope: pfe category: functional level: fatal fpc0 Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a) in module: PE Chip with scope: pfe category: functional level: fatal This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.1R3-S10; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-03-03T19:31:31.592Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the flowd process will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-08T13:33:02.446Z

A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow processing daemon (flowd) will crash and restart. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on SRX Series.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-08T16:48:51.747Z

An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T19:54:19.819Z

A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC heap memory leak is observed. The FPC memory usage can be monitored using the CLI command "show heap extensive". Following is an example output. ID Base Total(b) Free(b) Used(b) % Name Peak used % -- -------- --------- --------- --------- --- ----------- ----------- 0 37dcf000 3221225472 1694526368 1526699104 47 Kernel 47 1 17dcf000 1048576 1048576 0 0 TOE DMA 0 2 17ecf000 1048576 1048576 0 0 DMA 0 3 17fcf000 534773760 280968336 253805424 47 Packet DMA 47 This issue affects: Juniper Networks Junos OS PTX Series and QFX10000 Series 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.1R1 on PTX Series and QFX10000 Series.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T19:54:43.296Z

An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an IPsec6 tunnel, the Multiservices PIC Management Daemon (mspmand) process will core and restart. This will lead to FPC crash. Traffic flow is impacted while mspmand restarts. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue only occurs if an IPv4 address is not configured on the multiservice interface. This issue affects: Juniper Networks Junos OS on MX Series All versions prior to 19.4R3-S9; 20.1 version 20.1R3-S5 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:31:47.697Z

An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue occurs when SIP ALG is enabled and specific SIP messages are processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on MX Series, or SRX Series.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:32:13.451Z

An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message, the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:32:39.451Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled. Upon enabling this specific feature, an attacker sending specific traffic is causing memory to be allocated dynamically and it is not freed. Memory is not freed even after deactivating this feature. Sustained processing of such traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. The FPC memory usage can be monitored using the CLI command "show chassis fpc". On running the above command, the memory of AftDdosScfdFlow can be observed to detect the memory leak. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 20.2R3-S5; 20.3 version 20.3R1 and later versions.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:32:59.491Z

An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS). When an inconsistent "deterministic NAT" configuration is present on an SRX, or MX with SPC3 and then a specific CLI command is issued the SPC will crash and restart. Repeated execution of this command will lead to a sustained DoS. Such a configuration is characterized by the total number of port blocks being greater than the total number of hosts. An example for such configuration is: [ services nat source pool TEST-POOL address x.x.x.0/32 to x.x.x.15/32 ] [ services nat source pool TEST-POOL port deterministic block-size 1008 ] [ services nat source pool TEST-POOL port deterministic host address y.y.y.0/24] [ services nat source pool TEST-POOL port deterministic include-boundary-addresses] where according to the following calculation: 65536-1024=64512 (number of usable ports per IP address, implicit) 64512/1008=64 (number of port blocks per Nat IP) x.x.x.0/32 to x.x.x.15/32 = 16 (NAT IP addresses available in NAT pool) total port blocks in NAT Pool = 64 blocks per IP * 16 IPs = 1024 Port blocks host address y.y.y.0/24 = 256 hosts (with include-boundary-addresses) If the port block size is configured to be 4032, then the total port blocks are (64512/4032) * 16 = 256 which is equivalent to the total host addresses of 256, and the issue will not be seen. This issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R2.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:33:24.631Z

An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an attacker sends an SIP packets with a malformed SDP field then the SIP ALG can not process it which will lead to an FPC crash and restart. Continued receipt of these specific packets will lead to a sustained Denial of Service. This issue can only occur when both below mentioned conditions are fulfilled: 1. Call distribution needs to be enabled: [security alg sip enable-call-distribution] 2. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX, and MX with SPC3 use the following command: user@host> show security alg status | match sip SIP : Enabled This issue affects Juniper Networks Junos OS on SRX 5000 Series: 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R1-S1, 22.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:33:49.634Z

An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs on a directly connected router. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2. Juniper Networks Junos OS Evolved All versions prior to 19.2R3-EVO; 19.3 versions prior to 19.3R3-EVO; 19.4 versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:37:32.391Z

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command "show task memory detail" as shown in the following example: user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:37:55.236Z

An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with "service-provider/SP style" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:38:23.836Z

An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel will not come up when a peer sends a specifically formatted payload during the negotiation. This will impact other IKE negotiations happening at the same time. Continued receipt of this specifically formatted payload will lead to continuous crashing of iked and thereby the inability for any IKE negotiations to take place. Note that this payload is only processed after the authentication has successfully completed. So the issue can only be exploited by an attacker who can successfully authenticate. This issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:38:46.011Z

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device. This issue affects Juniper Networks Junos OS on QFX10K Series: * All versions prior to 20.2R3-S7; * 20.4 versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S3; * 21.2 versions prior to 21.2R3-S1; * 21.3 versions prior to 21.3R3; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R2.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T19:55:11.399Z

An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again. This issue affects: Juniper Networks Junos OS 22.1 version 22.1R2 and later versions; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3-EVO version 21.3R3-EVO and later versions; 21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO; 22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:39:07.634Z

When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) condition. The dcpfe process tries to copy more data into a smaller buffer, which overflows and corrupts the buffer, causing a crash of the dcpfe process. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX10K Series: All versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R1-S2, 22.2R2.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:39:48.371Z

An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S12; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R1-S1, 21.1R2; Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-EVO.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:40:07.629Z

An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). The system does not recover automatically and must be manually restarted to restore service. This issue occurs when crafted TCP packets are sent directly to a configured IPv4 or IPv6 interface on the device. Transit traffic will not trigger this issue. MBUF usage can be monitored through the use of the 'show system buffers' command. For example: user@junos> show system buffers | refresh 5 4054/566/4620 mbufs in use (current/cache/total) ... 4089/531/4620 mbufs in use (current/cache/total) ... 4151/589/4740 mbufs in use (current/cache/total) ... 4213/527/4740 mbufs in use (current/cache/total) This issue affects Juniper Networks Junos OS: 12.3 version 12.3R12-S19 and later versions; 15.1 version 15.1R7-S10 and later versions; 17.3 version 17.3R3-S12 and later versions; 18.4 version 18.4R3-S9 and later versions; 19.1 version 19.1R3-S7 and later versions; 19.2 version 19.2R3-S3 and later versions; 19.3 version 19.3R2-S7, 19.3R3-S3 and later versions prior to 19.3R3-S7; 19.4 version 19.4R2-S7, 19.4R3-S5 and later versions prior to 19.4R3-S10; 20.1 version 20.1R3-S1 and later versions; 20.2 version 20.2R3-S2 and later versions prior to 20.2R3-S6; 20.3 version 20.3R3-S1 and later versions prior to 20.3R3-S6; 20.4 version 20.4R2-S2, 20.4R3 and later versions prior to 20.4R3-S5; 21.1 version 21.1R2 and later versions prior to 21.1R3-S4; 21.2 version 21.2R1-S1, 21.2R2 and later versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:41:27.867Z

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command 'show system buffers': user@host> show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host> show system buffers 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:42:48.152Z

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MIC card and all SRX Series platforms where SIP ALG is enabled. Successful exploitation of this vulnerability prevents additional SIP calls and applications from succeeding. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX use the following command: user@host> show security alg status | match sip SIP : Enabled This issue affects Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.1 versions 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2, 22.1R3-S1. This issue does not affect Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 18.2R1.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:43:11.641Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems without import policy configured. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:43:29.583Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc". The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed. expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware expr_dfw_base_hw_add:52 Failed to add h/w sfm data. expr_dfw_base_hw_create:114 Failed to add h/w data. expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__ expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0 expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0! expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure expr_dfw_bp_topo_handler:1102 Failed to program fnum. expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__. This issue affects Juniper Networks Junos OS: on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S2, 21.4R3; * 22.1 versions prior to 22.1R1-S2, 22.1R2. on PTX3000, PTX5000, QFX10000: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3 * 22.2 versions prior to 22.2R3-S1 * 22.3 versions prior to 22.3R2-S2, 22.3R3 * 22.4 versions prior to 22.4R2.

Published: 2023-10-12T22:55:42.016Z
Updated: 2024-08-02T10:07:06.639Z

A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX2K Series: All versions prior to 19.4R3-S9; All 20.2 versions; 20.3 versions prior to 20.3R3-S6 on ACX2K Series; 20.4 versions prior to 20.4R3-S4 on ACX2K Series; All 21.1 versions; 21.2 versions prior to 21.2R3-S3 on ACX2K Series. Note: This issues affects legacy ACX2K Series PPC-based devices. This platform reached Last Supported Version (LSV) as of the Junos OS 21.2 Release.

Published: 2023-01-12T00:00:00.000Z
Updated: 2025-04-07T15:43:53.220Z

An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.

Published: 2023-04-17T00:00:00.000Z
Updated: 2025-02-06T15:59:41.316Z

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.

Published: 2023-06-21T00:00:00.000Z
Updated: 2024-12-06T19:18:31.348Z

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.

Published: 2022-10-18T02:46:54.129Z
Updated: 2025-05-08T19:26:28.557Z

An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario, if MAC is learned locally on an access interface but later a request to delete is received indicating that the MAC was learnt remotely, this can lead to memory corruption which can result in line card crash and reload. This issue affects: Juniper Networks Junos OS All versions 17.3R1 and later versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1.

Published: 2022-10-18T02:46:53.120Z
Updated: 2025-05-09T14:52:23.679Z

An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When there is a continuous mac move a memory corruption causes one or more FPCs to crash and reboot. These MAC moves can be between two local interfaces or between core/EVPN and local interface. The below error logs can be seen in PFE syslog when this issue happens: xss_event_handler(1071): EA[0:0]_PPE 46.xss[0] ADDR Error. ppe_error_interrupt(4298): EA[0:0]_PPE 46 Errors sync xtxn error xss_event_handler(1071): EA[0:0]_PPE 1.xss[0] ADDR Error. ppe_error_interrupt(4298): EA[0:0]_PPE 1 Errors sync xtxn error xss_event_handler(1071): EA[0:0]_PPE 2.xss[0] ADDR Error. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 15.1R7-S13; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2.

Published: 2022-10-18T02:46:52.062Z
Updated: 2025-05-09T15:13:33.869Z

A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack requirements, successful exploitation could lead to a complete system compromise. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.

Published: 2022-10-18T02:46:48.799Z
Updated: 2025-05-09T15:35:37.345Z

A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the file due to validation checks built into Junos OS. Successful exploitation of this vulnerability could lead to loss of filesystem integrity. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.

Published: 2022-10-18T02:46:47.740Z
Updated: 2025-05-09T15:35:57.557Z

An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2.

Published: 2022-10-18T02:46:46.653Z
Updated: 2025-05-09T15:36:18.584Z

An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.

Published: 2022-10-18T02:46:45.595Z
Updated: 2025-05-09T15:36:35.800Z

A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.

Published: 2022-10-18T02:46:44.522Z
Updated: 2025-05-09T15:36:51.240Z

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the ability to execute arbitrary commands. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.

Published: 2022-10-18T02:46:43.500Z
Updated: 2025-05-09T15:37:15.690Z

An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Sevice (DoS). In a high-scaled BGP routing environment with rib-sharding enabled, two issues may occur when executing a specific CLI command. One is a memory leak issue with rpd where the leak rate is not constant, and the other is a temporary spike in rpd memory usage during command execution. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R1-S2-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1.

Published: 2022-10-18T02:46:42.415Z
Updated: 2025-05-09T15:37:34.307Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO.

Published: 2022-10-18T02:46:40.306Z
Updated: 2025-05-10T02:35:56.995Z

An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established. This issue affects Juniper Networks Junos OS: 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS Evolved.

Published: 2022-10-18T02:46:39.268Z
Updated: 2025-05-10T02:36:59.393Z

An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When specific valid SIP packets are received the PFE will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Published: 2022-10-18T02:46:38.240Z
Updated: 2025-05-10T02:37:41.505Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header of GTP encapsulated General Packet Radio Services (GPRS) traffic. The packet needs to match existing state which is outside the attackers control, so the issue cannot be directly exploited. The issue will only be observed when endpoint address validation is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1.

Published: 2022-10-18T02:46:37.181Z
Updated: 2025-05-10T02:39:23.740Z

An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy for example while executing a series of show commands on the CLI one or more SFPs might not be detected anymore. The system then changes its state to "unplugged" which is leading to traffic impact and at least a partial DoS. Once the system is less busy the port states return to their actual value. Indicators of compromise are log messages about unplugged SFPs and corresponding syspld messages without any physical or environmental cause. These can be checked by issuing the following commands: user@device# show log messages | match unplugged %PFE-6: fpc0 sfp-0/1/2 SFP unplugged %PFE-6: fpc0 sfp-0/1/3 SFP unplugged The following log messages will also be seen when this issue happens: fpc0 Error tvp_drv_syspld_read: syspld read failed for address <address> fpc0 Error[-1]:tvp_optics_presence_get - Syspld read failed for port <pic/port> fpc0 optics pres failed(-1) for pic <pic> port <port> fpc0 tvp_drv_syspld_read: i2c access retry count 200 This issue affects Juniper Networks Junos OS on EX2300 Series, EX3400 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.

Published: 2022-10-18T02:46:36.121Z
Updated: 2025-05-09T15:37:54.516Z

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having "S" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.

Published: 2022-10-18T02:46:35.104Z
Updated: 2025-05-09T17:56:29.500Z

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series If Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific transit traffic is processed the PFE will crash and restart. This issue affects Juniper Networks Junos OS: 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series; 22.1 versions prior to 22.1R1-S1, 22.1R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1.

Published: 2022-10-18T02:46:34.119Z
Updated: 2025-05-09T18:10:44.844Z

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1.

Published: 2022-10-18T02:46:33.142Z
Updated: 2025-05-12T14:28:22.234Z

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects systems configured with OSPFv3, while OSPFv2 is not affected. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 19.3 version 19.3R2 and later versions; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS 19.2 versions prior to 19.2R2.

Published: 2022-10-18T02:46:32.057Z
Updated: 2025-05-12T14:29:00.641Z

An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker's packets are destined to any configured IPv6 address on the device. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1.

Published: 2022-10-18T02:46:30.006Z
Updated: 2025-05-12T14:29:36.323Z

In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFE's when they are received and processed by the device. Upon automatic restart of the PFE, continued processing of these packets will cause the memory leak to reappear. Depending on the volume of packets received the attacker may be able to create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX4300-MP, EX4600, QFX5000 Series: 17.1 version 17.1R1 and later versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S7, 19.2R3-S1; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Junos OS versions prior to 17.1R1.

Published: 2022-10-18T02:46:27.900Z
Updated: 2025-05-12T14:41:51.679Z

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS). In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash. As this crash depends on whether a route is a contributing route, and on the internal timing of the events triggered by the flap this vulnerability is outside the direct control of a potential attacker. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R2-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions 19.2 versions prior to 19.2R2, 19.3R1 and above prior to 20.2R1. Juniper Networks Junos OS Evolved versions prior to 20.2R1-EVO.

Published: 2022-10-18T02:46:26.844Z
Updated: 2025-05-12T14:42:31.372Z

An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO.

Published: 2022-10-18T02:46:25.868Z
Updated: 2025-05-12T14:42:48.561Z

On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packets to cause multiple interfaces in the LAG to detach causing a Denial of Service (DoS) condition. Continued receipt and processing of these packets will sustain the Denial of Service. This issue affects IPv4 and IPv6 packets. Packets of either type can cause and sustain the DoS event. These packets can be destined to the device or be transit packets. On devices such as the QFX10008 with line cards, line cards can be restarted to restore service. On devices such as the QFX10002 you can restart the PFE service, or reboot device to restore service. This issue affects: Juniper Networks Junos OS on QFX10000 Series: All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S1. An indicator of compromise may be seen by issuing the command: request pfe execute target fpc0 command "show jspec pechip[3] registers ps l2_node 10" timeout 0 | refresh 1 | no-more and reviewing for backpressured output; for example: GOT: 0x220702a8 pe.ps.l2_node[10].pkt_cnt 00000076 GOT: 0x220702b4 pe.ps.l2_node[10].backpressured 00000002 <<<< STICKS HERE and requesting detail on the pepic wanio: request pfe execute target fpc0 command "show pepic 0 wanio-info" timeout 0 | no-more | match xe-0/0/0:2 GOT: 3 xe-0/0/0:2 10 6 3 0 1 10 189 10 0x6321b088 <<< LOOK HERE as well as looking for tail drops looking at the interface queue, for example: show interfaces queue xe-0/0/0:2 resulting in: Transmitted: Total-dropped packets: 1094137 0 pps << LOOK HERE

Published: 2022-10-18T02:46:24.886Z
Updated: 2025-05-12T14:43:06.467Z

An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show system download ..." commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2, 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2.

Published: 2022-07-20T14:15:51.700Z
Updated: 2024-09-17T00:15:46.928Z

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS). When a BGP flow route with redirect IP extended community is received, and the reachability to the next-hop of the corresponding redirect IP is flapping, the rpd process might crash. Whether the crash occurs depends on the timing of the internally processing of these two events and is outside the attackers control. Please note that this issue also affects Route-Reflectors unless 'routing-options flow firewall-install-disable' is configured. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.4 versions prior to 19.4R3-S8; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1.

Published: 2022-10-18T02:46:23.907Z
Updated: 2025-05-12T14:43:24.715Z

Due to the Improper Handling of an Unexpected Data Type in the processing of EVPN routes on Juniper Networks Junos OS and Junos OS Evolved, an attacker in direct control of a BGP client connected to a route reflector, or via a machine in the middle (MITM) attack, can send a specific EVPN route contained within a BGP Update, triggering a routing protocol daemon (RPD) crash, leading to a Denial of Service (DoS) condition. Continued receipt and processing of these specific EVPN routes could create a sustained Denial of Service (DoS) condition. This issue only occurs on BGP route reflectors, only within a BGP EVPN multicast environment, and only when one or more BGP clients have 'leave-sync-route-oldstyle' enabled. This issue affects: Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3 version 21.3R1-EVO and later versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R1-S2-EVO, 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.3R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.

Published: 2022-10-18T02:46:22.897Z
Updated: 2025-05-12T14:43:47.381Z

On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot handle an unexpected response from the Certificate Authority (CA) server, leading to crash. A restart is required to restore services. This issue affects: Juniper Networks Junos OS on SRX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.

Published: 2022-10-18T02:46:21.921Z
Updated: 2025-05-12T14:44:07.471Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). The issue is caused by malformed MLD packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. These MLD packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule. This issue only affects QFX10K Series switches, including the QFX10002, QFX10008, and QFX10016. Other products and platforms are unaffected by this vulnerability. This issue affects Juniper Networks Junos OS on QFX10K Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2.

Published: 2022-07-20T14:15:47.761Z
Updated: 2024-09-17T02:51:39.465Z

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. This issue affects: Juniper Networks Junos OS on PTX1000 and PTX10000 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. Juniper Networks Junos OS on QFX10000 Series and PTX5000 Series: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2.

Published: 2022-07-20T14:15:41.890Z
Updated: 2024-09-16T18:24:21.149Z

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective/var/run/<pid>.env file is not getting deleted which if occurring repeatedly can cause inode exhaustion. Inode exhaustion can present itself in two different ways: 1. The following log message can be observed: host kernel: pid <pid> (<process>), uid <uid> inumber <number> on /.mount/var: out of inodes which by itself is a clear indication. 2. The following log message can be observed: host <process>[<pid>]: ... : No space left on device which is not deterministic and just a representation of a write error which could have several reasons. So the following check needs to be done: user@host> show system storage no-forwarding Filesystem Size Used Avail Capacity Mounted on /dev/ada1p1 475M 300M 137M 69% /.mount/var which indicates that the write error is not actually due to a lack of disk space. If either 1. or 2. has been confirmed, then the output of: user@host> file list /var/run/*.env | count need to be checked and if it indicates a high (>10000) number of files the system has been affected by this issue. This issue affects: Juniper Networks Junos OS All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.

Published: 2022-07-20T14:15:37.769Z
Updated: 2024-09-17T01:11:06.894Z

An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect systems configured for IPv4 only. This issue affects: Juniper Networks Junos OS All versions prior to 12.3R12-S21; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-S1-EVO, 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO.

Published: 2022-07-20T14:15:29.370Z
Updated: 2024-09-17T02:36:44.141Z

A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO.

Published: 2022-07-20T14:15:23.806Z
Updated: 2024-09-16T16:22:28.305Z

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). On QFX5K Series and MX Series, when the PFE receives a specific VxLAN packet the Layer 2 Address Learning Manager (L2ALM) process will crash leading to an FPC reboot. Continued receipt of this specific packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX5000 Series, MX Series: 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.2 versions prior to 21.2R2-S1. This issue does not affect Juniper Networks Junos OS: All versions prior to 20.3R1; 21.1 version 21.1R1 and later versions.

Published: 2022-07-20T14:15:08.004Z
Updated: 2024-09-16T16:33:29.201Z

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). On QFX5K Series and MX Series, when the PFE receives a specific VxLAN packet the Layer 2 Address Learning Manager (L2ALM) process will crash leading to an FPC reboot. Continued receipt of this specific packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX5000 Series, MX Series: 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.2 versions prior to 21.2R2-S1. This issue does not affect Juniper Networks Junos OS: All versions prior to 20.3R1; 21.1 version 21.1R1 and later versions.

Published: 2022-07-20T14:15:08.004Z
Updated: 2024-09-16T16:33:29.201Z

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck with the error- 'ENOMEM -- Cannot allocate memory'. The out-of-sync state between RIB and FIB can be seen with the "show route" and "show route forwarding-table" command. This issue will lead to failures for adding new routes. The KRT queue status can be checked using the CLI command "show krt queue": user@host > show krt state High-priority add queue: 1 queued ADD nhtype Router index 0 (31212) error 'ENOMEM -- Cannot allocate memory' kqp '0x8ad5e40' The following messages will be observed in /var/log/messages, which indicate high memory for routes/nexthops: host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07] host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0. host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd. This issue affects: Juniper Networks Junos OS 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2-S1, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 21.2R1.

Published: 2022-07-20T14:14:38.968Z
Updated: 2024-09-17T00:10:57.561Z

A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker's control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.

Published: 2022-10-18T02:46:19.872Z
Updated: 2025-05-12T14:46:16.848Z

A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a kernel crash due to intensive polling of Abstracted Fabric (AF) interface statistics and thereby a Denial of Service (DoS). Continued gathering of AF interface statistics will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on MX Series: 20.1 versions later than 20.1R1; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2.

Published: 2022-07-20T14:14:10.722Z
Updated: 2024-09-16T23:45:53.701Z

A Buffer Overflow vulnerability in the PFE of Juniper Networks Junos OS on SRX series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). The PFE will crash when specific traffic is scanned by Enhanced Web Filtering safe-search feature of UTM (Unified Threat management). Continued receipt of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 20.2 versions prior to 20.2R3-S4 on SRX Series; 20.3 versions prior to 20.3R3-S3 on SRX Series; 20.4 versions prior to 20.4R3-S3 on SRX Series; 21.1 versions prior to 21.1R3-S1 on SRX Series; 21.2 versions prior to 21.2R2-S2, 21.2R3 on SRX Series; 21.3 versions prior to 21.3R2 on SRX Series; 21.4 versions prior to 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1.

Published: 2022-07-20T14:13:41.390Z
Updated: 2024-09-16T18:08:32.626Z

A Buffer Overflow vulnerability in the PFE of Juniper Networks Junos OS on SRX series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). The PFE will crash when specific traffic is scanned by Enhanced Web Filtering safe-search feature of UTM (Unified Threat management). Continued receipt of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 20.2 versions prior to 20.2R3-S4 on SRX Series; 20.3 versions prior to 20.3R3-S3 on SRX Series; 20.4 versions prior to 20.4R3-S3 on SRX Series; 21.1 versions prior to 21.1R3-S1 on SRX Series; 21.2 versions prior to 21.2R2-S2, 21.2R3 on SRX Series; 21.3 versions prior to 21.3R2 on SRX Series; 21.4 versions prior to 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1.

Published: 2022-07-20T14:13:41.390Z
Updated: 2024-09-16T18:08:32.626Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). Upon receiving specific traffic a memory leak will occur. Sustained processing of such specific traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. A device is only vulnerable when advance(d) policy based routing (APBR) is configured and AppQoE (sla rule) is not configured for these APBR rules. This issue affects Juniper Networks Junos OS on SRX Series: 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.3R1.

Published: 2022-07-20T14:12:50.665Z
Updated: 2024-09-17T01:46:28.226Z

An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On all MX and SRX platforms, if the SIP ALG is enabled, receipt of a specific SIP packet will create a stale SIP entry. Sustained receipt of such packets will cause the SIP call table to eventually fill up and cause a DoS for all SIP traffic. The SIP call usage can be monitored by "show security alg sip calls". To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX with: user@host> show security alg status | match sip SIP : Enabled Please verify on MX whether the following is configured: [ services ... rule <rule-name> (term <term-name>) from/match application/application-set <name> ] where either a. name = junos-sip or an application or application-set refers to SIP: b. [ applications application <name> application-protocol sip ] or c. [ applications application-set <name> application junos-sip ] This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R2-S2; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Published: 2022-07-20T14:12:08.333Z
Updated: 2024-09-16T16:17:32.073Z

An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4.

Published: 2022-07-20T14:11:21.678Z
Updated: 2024-09-16T20:57:25.587Z

An Improper Handling of Exceptional Conditions vulnerability on specific PTX Series devices, including the PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series, in Juniper Networks Junos OS allows an unauthenticated MPLS-based attacker to cause a Denial of Service (DoS) by triggering the dcpfe process to crash and FPC to restart. On affected PTX Series devices, processing specific MPLS packets received on an interface with multiple units configured may cause FPC to restart unexpectedly. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects PTX Series devices utilizing specific FPCs found on PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series devices, only if multiple units are configured on the ingress interface, and at least one unit has 'family mpls' *not* configured. See the configuration sample below for more information. No other platforms are affected by this vulnerability. This issue affects: Juniper Networks Junos OS on PTX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.

Published: 2022-07-20T14:10:38.457Z
Updated: 2024-09-17T01:36:56.175Z

An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). On SRX5000 Series with SPC3, SRX4000 Series, and vSRX, when PowerMode IPsec is configured and a malformed ESP packet matching an established IPsec tunnel is received the PFE crashes. This issue affects Juniper Networks Junos OS on SRX5000 Series with SPC3, SRX4000 Series, and vSRX: All versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2.

Published: 2022-10-18T02:46:18.870Z
Updated: 2025-05-12T14:46:41.456Z

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.

Published: 2022-04-14T15:51:01.439Z
Updated: 2024-09-17T02:57:45.257Z

An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and certain proxy-route add and delete events are happening. This issue affects: Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO.

Published: 2022-04-14T15:50:59.662Z
Updated: 2024-09-16T17:24:13.425Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.

Published: 2022-04-14T15:50:58.157Z
Updated: 2024-09-16T20:59:04.245Z

An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS.

Published: 2022-04-14T15:50:56.689Z
Updated: 2024-09-16T23:11:31.592Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS.

Published: 2022-04-14T15:50:55.258Z
Updated: 2024-09-17T04:20:48.042Z

An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 20.3R1. Juniper Networks Junos OS Evolved versions prior to 20.3R1-EVO.

Published: 2022-04-14T15:50:53.728Z
Updated: 2024-09-17T02:06:34.600Z

A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2.

Published: 2022-04-14T15:50:52.290Z
Updated: 2024-09-16T18:08:39.651Z

An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue. This issue affects: Juniper Networks Junos OS on QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series; 20.2 version 20.2R1 and later versions prior to 20.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 20.2R1.

Published: 2022-04-14T15:50:47.811Z
Updated: 2024-09-16T16:57:36.592Z

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious. This issue affects: Juniper Networks Junos OS on EX4650 Series: All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R1.

Published: 2022-04-14T15:50:43.593Z
Updated: 2024-09-16T18:24:01.434Z

A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and processing of this specific packet will create a sustained DoS condition. This issue only affects SRX Series when 'preserve-incoming-fragment-size' feature is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS prior to 17.3R1.

Published: 2022-04-14T15:50:42.148Z
Updated: 2024-09-16T22:20:45.803Z

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO.

Published: 2022-12-23T23:03:51.372Z
Updated: 2025-04-14T14:28:03.238Z

An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS.

Published: 2022-04-14T15:50:40.506Z
Updated: 2024-09-16T20:13:18.471Z

A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S10, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2.

Published: 2022-04-14T15:50:39.024Z
Updated: 2024-09-16T17:03:27.545Z

A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. This may allow the attacker to gain control of the device or attack other authenticated user sessions. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.

Published: 2022-04-14T15:50:37.275Z
Updated: 2024-09-17T02:36:11.063Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of the issue occurring may be observed through the following log messages: Sep 13 17:14:59 hostname : %PFE-3: fpc0 (buf alloc) failed allocating packet buffer Sep 13 17:14:59 hostname : %PFE-7: fpc0 brcm_pkt_buf_alloc:393 (buf alloc) failed allocating packet buffer When Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored using the command: user@junos# request pfe execute target fpc0 timeout 30 command "show heap" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 213301a8 536870488 387228840 149641648 27 Kernel 1 91800000 8388608 3735120 4653488 55 DMA 2 92000000 75497472 74452192 1045280 1 PKT DMA DESC 3 d330000 335544320 257091400 78452920 23 Bcm_sdk 4 96800000 184549376 2408 184546968 99 Packet DMA <<<< 5 903fffe0 20971504 20971504 0 0 Blob This issue affects: Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S10, 18.4R3-S10 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.1 versions prior to 19.1R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.3 versions prior to 19.3R3-S5 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.4 versions prior to 19.4R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.1 versions prior to 20.1R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.2 versions prior to 20.2R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.3 versions prior to 20.3R3-S2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.4 versions prior to 20.4R3-S1 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.1 versions prior to 21.1R2-S2, 21.1R3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.2 versions prior to 21.2R1-S2, 21.2R2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.3 versions prior to 21.3R1-S1, 21.3R2 on EX2300 Series, EX2300-MP Series, EX3400 Series.

Published: 2022-01-19T00:21:31.093Z
Updated: 2024-09-17T02:42:37.964Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of the issue occurring may be observed through the following log messages: Sep 13 17:14:59 hostname : %PFE-3: fpc0 (buf alloc) failed allocating packet buffer Sep 13 17:14:59 hostname : %PFE-7: fpc0 brcm_pkt_buf_alloc:393 (buf alloc) failed allocating packet buffer When Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored using the command: user@junos# request pfe execute target fpc0 timeout 30 command "show heap" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 213301a8 536870488 387228840 149641648 27 Kernel 1 91800000 8388608 3735120 4653488 55 DMA 2 92000000 75497472 74452192 1045280 1 PKT DMA DESC 3 d330000 335544320 257091400 78452920 23 Bcm_sdk 4 96800000 184549376 2408 184546968 99 Packet DMA <<<< 5 903fffe0 20971504 20971504 0 0 Blob This issue affects: Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S10, 18.4R3-S10 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.1 versions prior to 19.1R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.3 versions prior to 19.3R3-S5 on EX2300 Series, EX2300-MP Series, EX3400 Series; 19.4 versions prior to 19.4R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.1 versions prior to 20.1R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.2 versions prior to 20.2R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.3 versions prior to 20.3R3-S2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 20.4 versions prior to 20.4R3-S1 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.1 versions prior to 21.1R2-S2, 21.1R3 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.2 versions prior to 21.2R1-S2, 21.2R2 on EX2300 Series, EX2300-MP Series, EX3400 Series; 21.3 versions prior to 21.3R1-S1, 21.3R2 on EX2300 Series, EX2300-MP Series, EX3400 Series.

Published: 2022-01-19T00:21:31.093Z
Updated: 2024-09-17T02:42:37.964Z

A Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). In a scenario where DHCP relay or local server is configured the problem can be triggered if a DHCPv4 packet with specific options is received leading to a corruption of the options read from the packet. This corruption can then lead to jdhcpd crash and restart. This issue affects: Juniper Networks Junos OS 17.4R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2, 21.2R3; 21.3 versions prior to 21.3R1-S1, 21.3R2.

Published: 2022-01-19T00:21:29.644Z
Updated: 2024-09-17T02:41:40.267Z

A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can be triggered by a specific Session Initiation Protocol (SIP) invite packet if the SIP ALG is enabled. Due to this, the PIC will be rebooted and all traffic that traverses the PIC will be dropped. This issue affects: Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Published: 2022-01-19T00:21:28.309Z
Updated: 2024-09-17T01:05:59.860Z

A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP – v1,v2, v3 This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2. Juniper Networks Junos OS Evolved 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO.

Published: 2022-01-19T00:21:26.884Z
Updated: 2024-09-16T23:31:19.366Z

An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If option-82 is configured in a DHCP snooping / -security scenario, jdhcpd crashes if a specific malformed DHCP request packet is received. The DHCP functionality is impacted while jdhcpd restarts, and continued exploitation of the vulnerability will lead to the unavailability of the DHCP service and thereby a sustained DoS. This issue affects Juniper Networks Junos OS 13.2 version 13.2R1 and later versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. This issue does not affect Juniper Networks Junos OS version 12.3R12 and prior versions.

Published: 2022-01-19T00:21:25.532Z
Updated: 2024-09-16T17:53:09.073Z

An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Published: 2022-01-19T00:21:24.193Z
Updated: 2024-09-16T20:02:47.465Z

A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Series and EX4600 switches may cause the memory to not be freed, leading to a packet DMA memory leak, and eventual Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition. The following error logs may be observed using the "show heap" command and the device may eventually run out of memory if such packets are received continuously. Jan 12 12:00:00 device-name fpc0 (buf alloc) failed allocating packet buffer Jan 12 12:00:01 device-name fpc0 (buf alloc) failed allocating packet buffer user@device-name> request pfe execute target fpc0 timeout 30 command "show heap" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 246fc1a8 536870488 353653752 183216736 34 Kernel 1 91800000 16777216 12069680 4707536 28 DMA 2 92800000 75497472 69997640 5499832 7 PKT DMA DESC 3 106fc000 335544320 221425960 114118360 34 Bcm_sdk 4 97000000 176160768 200 176160568 99 Packet DMA <<<<<<<<<<<<<< 5 903fffe0 20971504 20971504 0 0 Blob This issue affects Juniper Networks Junos OS on QFX5000 Series, EX4600: 18.3R3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. This issue does not affect Juniper Networks Junos OS: Any versions prior to 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.

Published: 2022-01-19T00:21:22.775Z
Updated: 2024-09-16T20:32:58.063Z

A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Series and EX4600 switches may cause the memory to not be freed, leading to a packet DMA memory leak, and eventual Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition. The following error logs may be observed using the "show heap" command and the device may eventually run out of memory if such packets are received continuously. Jan 12 12:00:00 device-name fpc0 (buf alloc) failed allocating packet buffer Jan 12 12:00:01 device-name fpc0 (buf alloc) failed allocating packet buffer user@device-name> request pfe execute target fpc0 timeout 30 command "show heap" ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 246fc1a8 536870488 353653752 183216736 34 Kernel 1 91800000 16777216 12069680 4707536 28 DMA 2 92800000 75497472 69997640 5499832 7 PKT DMA DESC 3 106fc000 335544320 221425960 114118360 34 Bcm_sdk 4 97000000 176160768 200 176160568 99 Packet DMA <<<<<<<<<<<<<< 5 903fffe0 20971504 20971504 0 0 Blob This issue affects Juniper Networks Junos OS on QFX5000 Series, EX4600: 18.3R3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. This issue does not affect Juniper Networks Junos OS: Any versions prior to 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.

Published: 2022-01-19T00:21:22.775Z
Updated: 2024-09-16T20:32:58.063Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). In a scenario where Public Key Infrastructure (PKI) is used in combination with Certificate Revocation List (CRL), if the CRL fails to download the memory allocated to store the CRL is not released. Repeated occurrences will eventually consume all available memory and lead to an inoperable state of the affected system causing a DoS. This issue affects Juniper Networks Junos OS: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. This issue can be observed by monitoring the memory utilization of the pkid process via: root@jtac-srx1500-r2003> show system processes extensive | match pki 20931 root 20 0 733M 14352K select 0:00 0.00% pkid which increases over time: root@jtac-srx1500-r2003> show system processes extensive | match pki 22587 root 20 0 901M 181M select 0:03 0.00% pkid

Published: 2022-01-19T00:21:21.450Z
Updated: 2024-09-16T20:53:18.810Z

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued exploitation can lead to memory exhaustion and thereby a Denial of Service (DoS). This issue occurs when specific LLDP packets are received. The impact of the l2cpd cores is that if any of the stp protocols (rstp, mstp or vstp) is used then stp re-converges and traffic loss will occur during that time. Also if any services depend on LLDP state (like PoE or VoIP device recognition) then these will also be affected. The memory utilization of the L2CPd process can be monitored with the following command: user@host> show system processes extensive | match l2cpd 1234 root 52 0 521M 43412K RUN 1 4:02 34.47% l2cpd This issue affects: Juniper Networks Junos OS 18.4 version 18.4R2-S4 and later versions prior to 18.4R2-S10. 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R2; Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS 19.1 version 19.1R1 and later versions.

Published: 2022-01-19T00:21:20.016Z
Updated: 2024-09-16T20:36:59.235Z

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect versions of Junos OS prior to 19.4R1.

Published: 2022-01-19T00:21:18.633Z
Updated: 2024-09-16T16:43:40.834Z

A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and on exhaustion the PFE to reset. The heap memory utilization can be monitored with the command: user@host> show chassis fpc This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions of Junos OS prior to 19.4R1.

Published: 2022-01-19T00:21:17.254Z
Updated: 2024-09-17T04:23:57.528Z

An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causing a Denial of Service (DoS). Unexpectedly entering GR helper mode might cause the OSPFv3 neighbor adjacency formed on this interface to be stuck in the "INIT" state which can be observed by issuing the following command: user@device> show ospf3 neighbor ID Interface State xx.xx.xx.xx ae100.0 Init <<<<<<<<<< An indicator of compromise can be seen in log files when traceoptions for OSPFv3 are enabled before the issue occurs. These logfile messages are as follows: OSPF restart signaling: Received hello with LR bit set from nbr ip=xx::xx id=xx.xx.xx.xx. Set oob-resync capabilty 1. OSPF Restart Signaling: Start helper mode for nbr ip xx::xx id xx.xx.xx.xx OSPF restart signaling: abort helper mode for nbr ip=xx::xx id=xx.xx.xx.xx OSPF neighbor xx::xx (realm ipv6-unicast <interface.unit> area xx.xx.xx.xx) state changed from Full to Init due to 1WayRcvd (event reason: neighbor is in one-way mode) (nbr helped: 0) This issue affects: Juniper Networks Junos OS. 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S4; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. This issue does not affect any version of Juniper Networks Junos OS 12.3. This issue affects Juniper Networks Junos OS Evolved all versions prior to 21.2R2-EVO.

Published: 2022-01-19T00:21:15.827Z
Updated: 2024-09-17T00:35:44.752Z

An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to an FPC reboot and thereby a Denial of Service (DoS). This issue affects: Juniper Networks Junos OS on vMX and MX150: All versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2.

Published: 2022-01-19T00:21:14.397Z
Updated: 2024-09-17T04:10:28.486Z

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. While JDPI correctly classifies out-of-state asymmetric TCP flows as the dynamic-application UNKNOWN, this classification is not provided to the policy module properly and hence traffic continues to use the pre-id-default-policy, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied. This issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device. This issue affects Juniper Networks Junos OS on SRX Series: 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1.

Published: 2022-01-19T00:21:12.979Z
Updated: 2024-09-16T23:30:20.864Z

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. While JDPI correctly classifies out-of-state asymmetric TCP flows as the dynamic-application UNKNOWN, this classification is not provided to the policy module properly and hence traffic continues to use the pre-id-default-policy, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied. This issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device. This issue affects Juniper Networks Junos OS on SRX Series: 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1.

Published: 2022-01-19T00:21:12.979Z
Updated: 2024-09-16T23:30:20.864Z

An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Published: 2022-01-19T00:21:11.594Z
Updated: 2024-09-16T18:39:36.973Z

An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If a device is configured as DHCPv6 local server and persistent storage is enabled, jdhcpd will crash when receiving a specific DHCPv6 message. This issue affects: Juniper Networks Junos OS All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2.

Published: 2022-01-19T00:21:08.883Z
Updated: 2024-09-16T17:43:18.165Z

A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device. This issue affects Juniper Networks Junos OS: All versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2.

Published: 2022-01-19T00:21:07.388Z
Updated: 2024-09-16T18:50:18.995Z

An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself. An indication that the system is affected by this issue would be that an irq handled by the fman process is shown to be using a high percentage of CPU cycles like in the following example output: user@host> show system processes extensive ... PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 31 root -84 -187 0K 16K WAIT 22.2H 56939.26% irq96: fman0 This issue affects Juniper Networks Junos OS: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2.

Published: 2022-01-19T00:21:05.957Z
Updated: 2024-09-16T18:29:11.836Z

An Unchecked Error Condition vulnerability in the subscriber management daemon (smgd) of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to cause a crash of and thereby a Denial of Service (DoS). In a subscriber management / broadband edge environment if a single session group configuration contains dual-stack and a pp0 interface, smgd will crash and restart every time a PPPoE client sends a specific message. This issue affects Juniper Networks Junos OS on MX Series: 16.1 version 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.

Published: 2022-01-19T00:21:04.016Z
Updated: 2024-09-17T03:59:29.486Z

A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast routing equal-cost multi-path (ECMP) unilist selection. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. An indicator of compromise may be to monitor NETISR drops in the network with the assistance of JTAC. Please contact JTAC for technical support for further guidance. This issue affects: Juniper Networks Junos OS 17.3 version 17.3R3-S9 and later versions prior to 17.3R3-S12; 17.4 version 17.4R3-S3 and later versions prior to 17.4R3-S5; 18.1 version 18.1R3-S11 and later versions prior to 18.1R3-S13; 18.2 version 18.2R3-S6 and later versions; 18.3 version 18.3R3-S4 and later versions prior to 18.3R3-S5; 18.4 version 18.4R3-S5 and later versions prior to 18.4R3-S9; 19.1 version 19.1R3-S3 and later versions prior to 19.1R3-S7. This issue does not affect Juniper Networks Junos OS versions prior to 17.3R3-S9. This issue does not affect Juniper Networks Junos OS Evolved.

Published: 2022-01-19T00:21:02.359Z
Updated: 2024-09-16T20:37:13.987Z

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifies out-of-state asymmetric TCP flows as the dynamic-application INCONCLUSIVE instead of UNKNOWN, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied. This issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device. This issue affects Juniper Networks Junos OS on SRX Series: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R2-S5, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1.

Published: 2022-01-19T00:21:00.456Z
Updated: 2024-09-17T04:04:12.921Z

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifies out-of-state asymmetric TCP flows as the dynamic-application INCONCLUSIVE instead of UNKNOWN, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied. This issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device. This issue affects Juniper Networks Junos OS on SRX Series: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R2-S5, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1.

Published: 2022-01-19T00:21:00.456Z
Updated: 2024-09-17T04:04:12.921Z

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The following command can be executed by an administrator via the CLI to refresh a script from a remote location, which is affected from this vulnerability: >request system scripts refresh-from (commit | event | extension-service | op | snmp) file filename url <https-url> This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R1-S1, 21.1R2.

Published: 2022-01-19T00:20:58.950Z
Updated: 2024-09-17T02:42:11.955Z

An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.

Published: 2022-01-19T00:20:57.603Z
Updated: 2024-09-17T02:21:13.492Z

In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD. This issue affects: Juniper Networks Junos OS 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.

Published: 2022-01-19T00:20:56.229Z
Updated: 2024-09-17T04:14:05.043Z

An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit packet processing and even packet loss. If transit traffic includes a significant percentage (> 5%) of fragmented packets which need to be reassembled, high latency or packet drops might be observed. This issue affects Juniper Networks Junos OS on SRX Series, MX Series with SPC3: All versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2-S9, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2.

Published: 2022-01-19T00:20:54.857Z
Updated: 2024-09-17T01:50:42.071Z

A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2.

Published: 2021-10-19T18:17:31.942Z
Updated: 2024-09-17T01:16:54.566Z

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.

Published: 2021-10-19T18:17:30.207Z
Updated: 2024-09-16T16:17:37.197Z

Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Published: 2021-10-19T18:17:28.030Z
Updated: 2024-09-16T17:37:44.972Z

In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a remote unauthenticated network attacker causes the RPD to crash causing a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. Juniper Networks Junos OS Evolved 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO.

Published: 2021-10-19T18:17:26.471Z
Updated: 2024-09-16T20:21:34.268Z

On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. These firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments. This issue affects Juniper Networks Junos OS on PTX1000 System: 17.2 versions 17.2R1 and later versions prior to 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2. This issue does not affect Juniper Networks Junos OS prior to version 17.2R1 on PTX1000 System. This issue affects Juniper Networks Junos OS on PTX10002-60C System: 18.2 versions 18.2R1 and later versions prior to 18.4 versions prior to 18.4R3-S9; 19.1 versions later than 19.1R1 prior to 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions 20.4R1 and later versions prior to 21.1 versions prior to 21.1R2; 21.2 versions 21.2R1 and later versions prior to 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS prior to version 18.2R1 on PTX10002-60C System. This issue impacts all filter families (inet, inet6, etc.) and all loopback filters. It does not rely upon the location where a filter is set, impacting both logical and physical interfaces.

Published: 2021-10-19T18:17:24.737Z
Updated: 2024-09-17T01:05:37.909Z

On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. These firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments. This issue affects Juniper Networks Junos OS on PTX1000 System: 17.2 versions 17.2R1 and later versions prior to 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2. This issue does not affect Juniper Networks Junos OS prior to version 17.2R1 on PTX1000 System. This issue affects Juniper Networks Junos OS on PTX10002-60C System: 18.2 versions 18.2R1 and later versions prior to 18.4 versions prior to 18.4R3-S9; 19.1 versions later than 19.1R1 prior to 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions 20.4R1 and later versions prior to 21.1 versions prior to 21.1R2; 21.2 versions 21.2R1 and later versions prior to 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS prior to version 18.2R1 on PTX10002-60C System. This issue impacts all filter families (inet, inet6, etc.) and all loopback filters. It does not rely upon the location where a filter is set, impacting both logical and physical interfaces.

Published: 2021-10-19T18:17:24.737Z
Updated: 2024-09-17T01:05:37.909Z

An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these packets. Continued receipt and processing of these malformed IPv4 or IPv6 packets will create a sustained Denial of Service (DoS) condition. This issue only affects MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. An indicator of compromise is the output: FPC ["FPC ID" # e.g. "0"] PFE #{PFE ID # e.g. "1"] : Fabric Disabled Example: FPC 0 PFE #1 : Fabric Disabled when using the command: show chassis fabric fpcs An example of a healthy result of the command use would be: user@device-re1> show chassis fabric fpcs Fabric management FPC state: FPC 0 PFE #0 Plane 0: Plane enabled Plane 1: Plane enabled Plane 2: Plane enabled Plane 3: Plane enabled Plane 4: Plane enabled Plane 5: Plane enabled Plane 6: Plane enabled Plane 7: Plane enabled This issue affects: Juniper Networks Junos OS on MX Series with MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1.

Published: 2021-10-19T18:17:19.849Z
Updated: 2024-09-16T22:56:51.495Z