| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS).
When the command 'show route < ( receive-protocol | advertising-protocol ) bgp > detail' is executed, and at least one of the routes in the intended output has specific attributes, this will cause an rpd crash and restart.
'show route ... extensive' is not affected.
This issue affects:
Junos OS:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S5,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S8-EVO,
* 23.2 versions before 23.2R2-S5-EVO,
* 23.4 versions before 23.4R2-S6-EVO,
* 24.2 versions before 24.2R2-S2-EVO,
* 24.4 versions before 24.4R2-EVO. |
| A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition.
For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from a established BGP peer.
This issue affects:
Junos OS:
* All versions before 21.4R3-S7,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R2.
Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S5-EVO,
* from 23.2 before 23.2R2-EVO,
* from 23.4 before 23.4R2-EVO. |
| An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash.
When
the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart.
Continued receipt of these specific updates will cause a sustained Denial of Service condition.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* All versions of 21.4,
* All versions of 22.2,
* from 22.4 before 22.4R3-S7,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2.
Junos OS Evolved:
* All versions of 21.2-EVO,
* All versions of 21.4-EVO,
* All versions of 22.2-EVO,
* from 22.4 before 22.4R3-S7-EVO,
* from 23.2 before 23.2R2-S3-EVO,
* from 23.4 before 23.4R2-S4-EVO,
* from 24.2 before 24.2R2-EVO. |
| A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition during BGP initial session establishment can lead to an rpd crash and restart. This occurs specifically when the connection request fails during error-handling scenario.
Continued session establishment failures leads to a sustained DoS condition.
This issue affects Junos OS:
* All versions before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2;
Junos OS Evolved:
* All versions before 22.2R3-S6-EVO,
* from 22.4 before 22.4R3-S6-EVO,
* from 23.2 before 23.2R2-S3-EVO,
* from 23.4 before 23.4R2-S4-EVO,
* from 24.2 before 24.2R2-EVO. |
| A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise.
Any low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify the configuration, and thus compromise the system.
This issue affects Junos OS Evolved:
* All versions before 22.2R3-S7-EVO,
* from 22.4 before 22.4R3-S7-EVO,
* from 23.2 before 23.2R2-S4-EVO,
* from 23.4 before 23.4R2-S5-EVO,
* from 24.2 before 24.2R2-S1-EVO
* from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO. |
| An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
Only systems configured for Ethernet Virtual Private Networking (EVPN) signaling are vulnerable to this issue.
This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects:
Junos OS:
* all versions before 21.4R3-S11,
* from 22.2 before 22.2R3-S7,
* from 22.4 before 22.4R3-S7,
* from 23.2 before 23.2R2-S4,
* from 23.4 before 23.4R2-S5,
* from 24.2 before 24.2R2-S1,
* from 24.4 before 24.4R1-S3, 24.4R2;
Junos OS Evolved:
* all versions before 22.2R3-S7-EVO,
* from 22.4-EVO before 22.4R3-S7-EVO,
* from 23.2-EVO before 23.2R2-S4-EVO,
* from 23.4-EVO before 23.4R2-S5-EVO,
* from 24.2-EVO before 24.2R2-S1-EVO,
* from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO. |
| An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS).
Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S11,
* from 22.2 before 22.2R3-S7,
* from 22.4 before 22.4R3-S7,
* from 23.2 before 23.2R2-S4,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2,
* from 24.4 before 24.4R1-S3, 24.4R2
Junos OS Evolved:
* All versions before 22.2R3-S7-EVO,
* from 22.4-EVO before 22.4R3-S7-EVO,
* from 23.2-EVO before 23.2R2-S4-EVO,
* from 23.4-EVO before 23.4R2-S4-EVO,
* from 24.2-EVO before 24.2R2-EVO,
* from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO. |
| A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BGP update with a specifically malformed AS PATH to cause rpd to crash, resulting in a Denial of Service (DoS). Continuous receipt of the malformed AS PATH attribute will cause a sustained DoS condition.
On all Junos OS and Junos OS Evolved platforms, the rpd process will crash and restart when a specifically malformed AS PATH is received within a BGP update and traceoptions are enabled.
This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not impacted by this issue.
This issue affects:
Junos OS:
* All versions before 21.2R3-S9,
* all versions of 21.4,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2;
Junos OS Evolved:
* All versions before 22.4R3-S5-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S4-EVO,
* from 24.2-EVO before 24.2R2-EVO.
This is a more complete fix for previously published CVE-2024-39549 (JSA83011). |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).
When a specific "show bgp neighbor" CLI command is run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition.
The device is only affected if BGP RIB sharding and update-threading is enabled.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2.
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S2-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-EVO. |
| An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information.
Through the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords, that can be used to further impact the system.
This issue affects Junos OS: * All versions before 21.4R3-S10,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3.
Junos OS Evolved:
* All versions before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S5-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S3-EVO. |
| An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition.
This issue affects:
Junos OS:
* All versions before 22.2R3-S4,
* 22.4 versions before 22.4R3-S2,
* 23.2 versions before 23.2R2,
* 23.4 versions before 23.4R2.
Junos OS Evolved:
* All versions before 22.2R3-S4-EVO,
* 22.4-EVO versions before 22.4R3-S2-EVO,
* 23.2-EVO versions before 23.2R2-EVO,
* 23.4-EVO versions before 23.4R2-EVO. |
| An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).
When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2.
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S6-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S4-EVO,
* from 24.2-EVO before 24.2R2-EVO. |
| A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When an attacker sends a specific ICMPv6 packet to an interface with "protocols router-advertisement" configured, rpd crashes and restarts. Continued receipt of this packet will cause a sustained DoS condition.
This issue only affects systems configured with IPv6.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S2,
* from 23.4 before 23.4R2;
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S4-EVO,
* from 23.2-EVO before 23.2R2-S2-EVO,
* from 23.4-EVO before 23.4R2-EVO. |
| An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.
This issue affects:
Junos OS:
* 22.4 versions before 22.4R3-S1,
* 23.2 versions before 23.2R2,
* 23.4 versions before 23.4R1-S1, 23.4R2,
This issue does not affect Junos OS versions earlier than 22.4R1.
Junos OS Evolved:
* 22.4-EVO versions before 22.4R3-S2-EVO,
* 23.2-EVO versions before 23.2R2-EVO,
* 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO,
This issue does not affect Junos OS Evolved versions earlier than
before 22.4R1. |
| A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue affects
Junos OS:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R2.
Junos OS Evolved: * All versions before 21.2R3-S8-EVO,
* from 21.4 before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S2-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R2-EVO. |
| An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters.
This issue affects Junos OS Evolved:
* All versions before 21.4R3-S8-EVO,
* 22.2-EVO before 22.2R3-S4-EVO,
* 22.3-EVO before 22.3R3-S4-EVO,
* 22.4-EVO before 22.4R3-S3-EVO,
* 23.2-EVO before 23.2R2-S1-EVO,
* 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO. |
| An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.
On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows
a low-privileged user can access sensitive information compromising the confidentiality of the system.
Junos OS Evolved:
* All versions before 20.4R3-S9-EVO,
* 21.2-EVO before 21.2R3-S7-EVO,
* 21.4-EVO before 21.4R3-S5-EVO,
* 22.1-EVO before 22.1R3-S5-EVO,
* 22.2-EVO before 22.2R3-S3-EVO,
* 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,
* 22.4-EVO before 22.4R3-EVO,
* 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. |
| A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS).
When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered.
This issue affects:
Junos OS:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S8-EVO,
* 23.2 versions before 23.2R2-S5-EVO,
* 23.4 versions before 23.4R2-EVO. |
| An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.
A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration.
This issue affects:
Junos OS:
* all versions before 22.2R3-S7,
* 22.4 versions before 22.4R3-S7,
* 23.2 versions before 23.2R2-S4,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2-S1,
* 24.4 versions before 24.4R1-S2, 24.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S7-EVO,
* 23.2-EVO versions before 23.2R2-S4-EVO,
* 23.4-EVO versions before 23.4R2-S5-EVO,
* 24.2-EVO versions before 24.2R2-S1-EVO
* 24.4-EVO versions before 24.4R2-EVO. |
| An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root.
When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device.
This issue affects:
Junos OS:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S8,
* 22.2 versions before 22.2R3-S6,
* 22.3 versions before 22.3R3-S3,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S1,
* 23.4 versions before 23.4R1-S2, 23.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S6-EVO,
* 23.2-EVO versions before 23.2R2-S1-EVO,
* 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO. |
