Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-22235

Summary
Assigner-juniper
Assigner Org ID-8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At-18 Oct, 2022 | 02:46
Updated At-10 May, 2025 | 02:39
Rejected At-
Credits

Junos OS: SRX Series: A flowd core will be observed when malformed GPRS traffic is processed

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header of GTP encapsulated General Packet Radio Services (GPRS) traffic. The packet needs to match existing state which is outside the attackers control, so the issue cannot be directly exploited. The issue will only be observed when endpoint address validation is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:juniper
Assigner Org ID:8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At:18 Oct, 2022 | 02:46
Updated At:10 May, 2025 | 02:39
Rejected At:
▼CVE Numbering Authority (CNA)
Junos OS: SRX Series: A flowd core will be observed when malformed GPRS traffic is processed

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header of GTP encapsulated General Packet Radio Services (GPRS) traffic. The packet needs to match existing state which is outside the attackers control, so the issue cannot be directly exploited. The issue will only be observed when endpoint address validation is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1.

Affected Products
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Platforms
  • SRX Series
Versions
Affected
  • From 20.2 before 20.2R3-S5 (custom)
  • From 20.3 before 20.3R3-S4 (custom)
  • From 20.4 before 20.4R3-S3 (custom)
  • From 21.1 before 21.1R3-S2 (custom)
  • From 21.2 before 21.2R3-S1 (custom)
  • From 21.3 before 21.3R3 (custom)
  • From 21.4 before 21.4R1-S2, 21.4R2 (custom)
  • From 22.1 before 22.1R1-S1, 22.1R2 (custom)
Unaffected
  • From unspecified before 20.2R1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-754CWE-754 Improper Check for Unusual or Exceptional Conditions
textN/ADenial of Service (DoS)
Type: CWE
CWE ID: CWE-754
Description: CWE-754 Improper Check for Unusual or Exceptional Conditions
Type: text
CWE ID: N/A
Description: Denial of Service (DoS)
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The following software releases have been updated to resolve this specific issue: 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, and all subsequent releases.

Configurations

A device can only be affected by this vulnerability if the following configuration is present: [security gtp profile <profile> end-user-address-validated]

Workarounds

This issue can be temporarily mitigated by disabling the end-point-address-validated security feature.

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.juniper.net/JSA69891
N/A
Hyperlink: https://kb.juniper.net/JSA69891
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.juniper.net/JSA69891
x_transferred
Hyperlink: https://kb.juniper.net/JSA69891
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:sirt@juniper.net
Published At:18 Oct, 2022 | 03:15
Updated At:21 Oct, 2022 | 19:01

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header of GTP encapsulated General Packet Radio Services (GPRS) traffic. The packet needs to match existing state which is outside the attackers control, so the issue cannot be directly exploited. The issue will only be observed when endpoint address validation is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.2
cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.2
cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.2
cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.2
cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.2
cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.2
cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.2
cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.2
cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.2
cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-754Primarynvd@nist.gov
CWE-754Secondarysirt@juniper.net
CWE ID: CWE-754
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-754
Type: Secondary
Source: sirt@juniper.net
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.juniper.net/JSA69891sirt@juniper.net
Vendor Advisory
Hyperlink: https://kb.juniper.net/JSA69891
Source: sirt@juniper.net
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

354Records found
CVE-2021-31374
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 18:17
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: RPD crash while processing a specially crafted BGP UPDATE or KEEPALIVE message.

On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this message will create a sustained Denial of Service (DoS) condition. This issue affects both IBGP and EBGP deployments over IPv4 or IPv6. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: 20.3 versions prior to 20.3R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47502
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.43% / 61.37%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:31
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: TCP session state is not always cleared on the Routing Engine leading to DoS

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing new connections to the control plane from being established. A continuously increasing number of connections shown by: user@host > show system connections is indicative of the problem. To recover the respective RE needs to be restarted manually. This issue only affects IPv4 but does not affect IPv6. This issue only affects TCP sessions established in-band (over an interface on an FPC) but not out-of-band (over the management ethernet port on the routing-engine). This issue affects Junos OS Evolved:  * All versions before 21.4R3-S9-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 version before 22.4R3-S3-EVO, * 23.2 versions before 23.2R2-S1-EVO, * 23.4 versions before 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-Junos OS Evolvedjunos_evolved
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-30394
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.25% / 47.81%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 15:07
Updated-06 Feb, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: A specific EVPN type-5 route causes rpd crash

A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * all versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosjunos_os_evolvedJunos OSJunos OS Evolvedjunos_os_evolvedjunos_os
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30392
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.10% / 28.99%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 15:07
Updated-02 Aug, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series with SPC3 and MS-MPC/-MIC: When URL filtering is enabled and a specific URL request is received a flowd crash occurs

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-Junos OSjunos_os
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-30401
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-8.2||HIGH
EPSS-0.08% / 25.14%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 15:26
Updated-02 Aug, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series and EX9200-15C: Stack-based buffer overflow in aftman

An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2;  This issue does not affect: * versions of Junos OS prior to 20.3R1; * any version of Junos OS 20.4.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-Junos OS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-30398
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.20% / 41.93%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 15:26
Updated-06 Feb, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX4600 Series - A high amount of specific traffic causes packet drops and an eventual PFE crash

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state. This issue affects Junos OS:   * 21.2 before 21.2R3-S7, * 21.4 before 21.4R3-S6,  * 22.1 before 22.1R3-S5, * 22.2 before 22.2R3-S3, * 22.3 before 22.3R3-S2, * 22.4 before 22.4R3, * 23.2 before 23.2R1-S2, 23.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junossrx4600Junos OSjunos
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-44185
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.65%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:02
Updated-19 Sep, 2024 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: In an BGP scenario RPD crashes upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet

An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects: * Juniper Networks Junos OS: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S6-EVO; * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO versions prior to 21.3R3-S3-EVO; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-EVO; * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-20
Improper Input Validation
CVE-2023-44192
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:03
Updated-18 Sep, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX5000 Series: DMA memory leak is observed when specific DHCP packets are transmitted over pseudo-VTEP

An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS). On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause memory leak to reach 99% and then cause the protocols to stop working and traffic is impacted, leading to Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak. To confirm the memory leak, monitor for "sheaf:possible leak" and "vtep not found" messages in the logs. This issue affects: Juniper Networks Junos OS QFX5000 Series: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfk5210qfk5700qfk5110qfk5130junosqfk5200qfk5230qfk5220qfk5120Junos OSjunos_os
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-21601
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 46.07%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:53
Updated-14 Nov, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Due to an error in processing TCP events flowd will crash

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). On SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads can not be triggered externally, so the exploitation of this race condition is outside the attackers direct control. Continued exploitation of this issue will lead to a sustained DoS. This issue affects Juniper Networks Junos OS: * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2-S1, 22.4R3. This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-21606
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.14%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:54
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: When "tcp-encap" is configured and specific packets are received flowd will crash

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4000srx550_hmsrx220srx240h2srx5400srx100srx3400srx300srx2300srx550junossrx240msrx210srx1500srx380srx4200srx340srx4100srx240srx3600srx5000srx1400srx1600srx4300srx320srx5600srx650srx4600srx550msrx4700Junos OS
CWE ID-CWE-415
Double Free
CVE-2024-21602
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.77%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:54
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: ACX7024, ACX7100-32C and ACX7100-48L: Traffic stops when a specific IPv4 UDP packet is received by the RE

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS. This issue does not happen with IPv6 packets. This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L: * 21.4-EVO versions earlier than 21.4R3-S6-EVO; * 22.1-EVO versions earlier than 22.1R3-S5-EVO; * 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolved
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-21604
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.44%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:54
Updated-03 Jun, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: A high rate of specific traffic will cause a complete system outage

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring. The following log messages can be seen when this issue occurs: <host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet This issue affects Juniper Networks Junos OS Evolved: * All versions earlier than 20.4R3-S7-EVO; * 21.2R1-EVO and later versions; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S2-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO; * 22.4-EVO versions earlier than 22.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolved
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-21585
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 36.23%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:50
Updated-14 Nov, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: BGP session flaps on NSR-enabled devices can cause rpd crash

An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition. This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S1-EVO; * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-0283
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.14%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 20:00
Updated-17 Sep, 2024 | 03:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore)

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: "eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down" These issue are only triggered by traffic destined to the device. Transit traffic will not trigger these issues. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 16.1 version 16.1R1 and later versions; 16.2 version 16.2R1 and later versions; 17.1 version 17.1R1 and later versions; 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S12; 17.4 version 17.4R1 and later versions; 18.1 versions prior to 18.1R3-S13; 18.2 version 18.2R1 and later versions; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-0264
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 47.31%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11, PTX10003, PTX10008: Line card may crash and restart when traffic is hitting a firewall filter having a term with syslog action configured

A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. 'term <name> then syslog'), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx960mx240junos_os_evolvedmx10008mx150mx10ptx10008mx2020mx10003mx10016mx2010mx5ptx10003mx10000mx204mx480mx104junosmx80mx40Junos OSJunos OS Evolved
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-0261
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.20%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17 on EX Series; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230 on SRX Series; 16.1 versions prior to 16.1R7-S8; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4400srx345srx5800srx380srx4200srx340ex9200srx4100ex4300ex3400ex9250ex2300srx5400ex4650srx550srx300ex4600srx320srx5600junosex2300-csrx4600srx1500Junos OS
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-44186
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.78%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 20:08
Updated-03 Dec, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: RPD crash when attempting to send a very long AS PATH to a non-4-byte-AS capable BGP neighbor

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition. This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. This issue affects: Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions prior to 22.2R3-S2-EVO; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2023-44191
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.68%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:03
Updated-19 Sep, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX5000 Series and EX4000 Series: Denial of Service (DoS) on a large scale VLAN due to PFE hogging

An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfk5210qfk5700ex4400ex9200ex4100_multigigabitex4300_multigigabitex4300ex4400-24xex3400ex9250ex2300ex4650ex4100-fex4400_multigigabitqfk5110ex4100ex4600qfk5130junosqfk5200ex2300-cex2300_multigigabitqfk5230qfk5220qfk5120Junos OSjunos_os
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-0258
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 42.43%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Kernel panic upon receipt of specific TCPv6 packet on management interface

A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface of Juniper Networks Junos OS allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS). Continued receipt and processing of these transit packets will create a sustained Denial of Service (DoS) condition. This issue only occurs when TCPv6 packets are routed through the management interface. Other transit traffic, and traffic destined to the management interface, are unaffected by this vulnerability. This issue was introduced as part of a TCP Parallelization feature added in Junos OS 17.2, and affects systems with concurrent network stack enabled. This feature is enabled by default, but can be disabled (see WORKAROUND section below). This issue affects Juniper Networks Junos OS: 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-0227
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-1.19% / 77.94%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:36
Updated-16 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Denial of Service in J-Web upon receipt of crafted HTTP packets

An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. When this issue occurs, web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD) daemons might crash. This issue affects Juniper Networks Junos OS on SRX Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2;

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4200srx340srx4100srx220srx240srx3600srx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600srx1500Junos OS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-0250
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-17 Sep, 2024 | 00:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: An attacker sending a specific crafted BGP update message will crash RPD

In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2, This issue does not affect Junos OS releases prior to 17.4R1. This issue affects: Juniper Networks Junos OS Evolved 19.2-EVO versions prior to 19.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CVE-2021-0206
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.25%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 17:35
Updated-17 Sep, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: NFX Series, SRX Series: PFE may crash upon receipt of specific packet when SSL Proxy is configured.

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue only affects Juniper Networks NFX Series, SRX Series platforms when SSL Proxy is configured. This issue affects Juniper Networks Junos OS on NFX Series and SRX Series: 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S1; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions on NFX Series and SRX Series prior to 18.3R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx380srx4200srx340nfx150srx4100srx5400srx550srx300srx320nfx250nfx350srx5600junossrx4600srx1500Junos OS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-0207
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 17:35
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series: Certain genuine traffic received by the Junos OS device will be discarded instead of forwarded.

An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt from an ingress interface filtering certain specific types of traffic which is then being redirected to an egress interface on a different VLAN. This causes a Denial of Service (DoS) to those clients sending these particular types of traffic. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious, and can be targeted to the device, or destined through it for the issue to occur. This issues affects IPv4 and IPv6 traffic. An indicator of compromise may be found by checking log files. You may find that traffic on the input interface has 100% of traffic flowing into the device, yet the egress interface shows 0 pps leaving the device. For example: [show interfaces "interface" statistics detail] Output between two interfaces would reveal something similar to: Ingress, first interface: -------------------- Interface Link Input packets (pps) Output packets (pps) et-0/0/0 Up 9999999999 (9999) 1 (0) -------------------- Egress, second interface: -------------------- Interface Link Input packets (pps) Output packets (pps) et-0/0/1 Up 0 (0) 9999999999 (0) -------------------- Dropped packets will not show up in DDoS monitoring/protection counters as issue is not caused by anti-DDoS protection mechanisms. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S7 on NFX250, QFX5K Series, EX4600; 17.4 versions prior to 17.4R2-S11, 17.4R3-S3 on NFX250, QFX5K Series, EX4600; 18.1 versions prior to 18.1R3-S9 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4600; 18.2 versions prior to 18.2R3-S3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600; 18.3 versions prior to 18.3R3-S1 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.2 versions prior to 19.2R1-S5, 19.2R2 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.3 versions prior to 19.3R2-S3, 19.3R3 on NFX250, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series; 19.4 versions prior to 19.4R1-S2, 19.4R2 on NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series. This issue does not affect Junos OS releases prior to 17.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfx5130qfx5220ex4600qfx5200nfx250nfx350qfx5210junosqfx5110qfx5120qfx5100ex4300ex3400ex2300Junos OS
CWE ID-CWE-115
Misinterpretation of Input
CWE ID-CWE-436
Interpretation Conflict
CVE-2021-0202
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 17:35
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series, EX9200 Series: Trio-based MPC memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak in the MPC which can cause an out of memory and MPC restarts. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device> show system resource-monitor fpc FPC Resource Usage Summary Free Heap Mem Watermark : 20 % Free NH Mem Watermark : 20 % Free Filter Mem Watermark : 20 % * - Watermark reached Slot # % Heap Free RTT Average RTT 1 87 PFE # % ENCAP mem Free % NH mem Free % FW mem Free 0 NA 88 99 1 NA 89 99 When the issue is occurring, the value of “% NH mem Free” will go down until the MPC restarts. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3R3-S8; 17.4R3-S2; 18.2R3-S4, 18.2R3-S5; 18.3R3-S2, 18.3R3-S3; 18.4 versions starting from 18.4R3-S1 and later versions prior to 18.4R3-S6; 19.2 versions starting from 19.2R2 and later versions prior to 19.2R3-S1; 19.4 versions starting from 19.4R2 and later versions prior to 19.4R2-S3, 19.4R3; 20.2 versions starting from 20.2R1 and later versions prior to 20.2R1-S3, 20.2R2. This issue does not affect Juniper Networks Junos OS: 18.1, 19.1, 19.3, 20.1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx960mx240mx150ex9200mx10mx2020mx10003mx2010mx5mx10000mx204mx480mx104junosmx80mx40Junos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-21611
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.46%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:55
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: In a jflow scenario continuous route churn will cause a memory leak and eventually an rpd crash

A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd. Thread level memory utilization for the areas where the leak occurs can be checked using the below command: user@host> show task memory detail | match so_in so_in6 28 32 344450 11022400 344760 11032320 so_in 8 16 1841629 29466064 1841734 29467744 This issue affects: Junos OS * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Junos OS Evolved * 21.4-EVO versions earlier than 21.4R3-EVO; * 22.1-EVO versions earlier than 22.1R3-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO. This issue does not affect: Juniper Networks Junos OS versions earlier than 21.4R1. Juniper Networks Junos OS Evolved versions earlier than 21.4R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-36841
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.68%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 22:58
Updated-18 Sep, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: Receipt of malformed TCP traffic will cause a Denial of Service

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover. This issue affects interfaces with PPPoE configured and tcp-mss enabled. This issue affects Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2;

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OSjunos_os
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-22401
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.13%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: PTX10008, PTX10016: When a specific SNMP MIB is queried the FPC will crash

An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again. This issue affects: Juniper Networks Junos OS 22.1 version 22.1R2 and later versions; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3-EVO version 21.3R3-EVO and later versions; 21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO; 22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-0012
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.24%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 21:00
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message

A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81; 12.3 versions prior to 12.3R12-S12; 12.3X48 versions prior to 12.3X48-D76; 14.1X53 versions prior to 14.1X53-D48; 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CVE-2019-0044
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.48%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:13
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX5000 series: Kernel crash (vmcore) upon receipt of a specific packet on fxp0 interface

Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X46 versions prior to 12.1X46-D82; 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5600srx5400srx5800junosJunos OS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-0051
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.42%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SRX5000 Series: Denial of Service vulnerability in SSL-Proxy feature.

SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5600srx5400srx5800junosJunos OS
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-0001
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.17%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 21:00
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd).

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.Fedora Project
Product-junosfedoraJunos OS
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-0037
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.4||HIGH
EPSS-0.23% / 45.28%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:13
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message

In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CVE-2019-0064
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX5000 Series: flowd process crash due to receipt of specific TCP packet

On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream of these TCP packets may result in an extended Denial of Service (DoS) condition on the device. This issue affects Juniper Networks Junos OS: 18.2R3 on SRX 5000 Series; 18.4R2 on SRX 5000 Series; 19.2R1 on SRX 5000 Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5600srx5400srx5800junosJunos OS
CVE-2019-0066
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.46%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: A malformed IPv4 packet received by Junos in an NG-mVPN scenario may cause the routing protocol daemon (rpd) process to core

An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4200srx340srx550_hmsrx4100srx220srx240srx3600vsrxsrx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600csrxsrx1500Junos OS
CWE ID-CWE-394
Unexpected Status Code or Return Value
CVE-2019-0031
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.4||HIGH
EPSS-0.52% / 65.83%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:13
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: jdhcpd daemon memory consumption Denial of Service when receiving specific IPv6 DHCP packets.

Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client. Affected releases are Juniper Networks Junos OS: 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-28985
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.31%
||
7 Day CHG~0.00%
Published-14 Jul, 2023 | 16:34
Updated-07 Nov, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SRX Series and MX Series: An FPC core is observed when IDP is enabled on the device and a specific malformed SSL packet is received

An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition. On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core. This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598. In order to identify the current SigPack version, following command can be used: user@junos# show security idp security-package-version

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345mx2008mx960mx240srx5800srx110srx4000srx550_hmsrx220srx240h2vsrxmx2010mx5srx5400srx100srx3400srx300srx550mx104junosmx80srx240msrx210srx1500srx380srx4200srx340mx10008mx150srx4100mx10srx240mx2020srx3600mx10003srx5000mx10016srx1400mx10000mx204mx480srx320srx5600mx40srx650srx4600csrxsrx550mJunos OSjunos_os
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2023-28967
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.47%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: An attacker sending genuine BGP packets causes an RPD crash

A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP packets will cause a sustained Denial of Service condition. This issue is triggerable in both iBGP and eBGP deployments. This issue affects: Juniper Networks Junos OS 21.1 version 21.1R1 and later versions prior to 21.1R3-S5; 21.2 version 21.2R1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R1 and later versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. This issue affects: Juniper Networks Junos OS Evolved 21.1-EVO version 21.1R1-EVO and later versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-28964
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.22%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Malformed BGP flowspec update causes RPD crash

An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Upon receipt of a malformed BGP flowspec update, RPD will crash resulting in a Denial of Service. This issue affects Juniper Networks Junos OS: All versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2; Juniper Networks Junos OS Evolved: All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO; 20.3 versions prior to 20.3R2-EVO;

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2023-28982
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.98%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 21:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: In a BGP rib sharding scenario when a route is frequently updated an rpd memory leak will occur

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated memory will leak. As rpd memory usage increases over time the rpd process will eventually run out of memory, crash, and restart. The memory utilization can be monitored with the following CLI commands: show task memory show system processes extensive | match rpd This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-0063
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.81%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: jdhcpd crash when receiving a specific crafted DHCP response message

When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface. The daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue only affects systems configured with DHCPv6 enabled. DHCPv4 is unaffected by this issue. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S5 on MX Series; 16.1 versions prior to 16.1R7-S5 on MX Series; 16.2 versions prior to 16.2R2-S10 on MX Series; 17.1 versions prior to 17.1R3-S1 on MX Series; 17.2 versions prior to 17.2R3-S2 on MX Series; 17.3 versions prior to 17.3R3-S6 on MX Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on MX Series; 18.1 versions prior to 18.1R3-S6 on MX Series; 18.2 versions prior to 18.2R2-S4, 18.2R3 on MX Series; 18.2X75 versions prior to 18.2X75-D50 on MX Series; 18.3 versions prior to 18.3R1-S5, 18.3R3 on MX Series; 18.4 versions prior to 18.4R2 on MX Series; 19.1 versions prior to 19.1R1-S2, 19.1R2 on MX Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx960mx240mx10008mx150mx10mx2020mx10003mx10016mx2010mx5mx204mx480mx104junosmx80mx40vmxJunos OS
CVE-2019-0052
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.95%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 19:40
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SRX Series: srxpfe process crash while JSF/UTM module parses specific HTTP packets

The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled. Affected releases are Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 17.3 versions on SRX Series; 17.4 versions prior to 17.4R1-S8, 17.4R2-S5, 17.4R3 on SRX Series; 18.1 versions prior to 18.1R3-S6 on SRX Series; 18.2 versions prior to 18.2R2-S1, 18.2R3 on SRX Series; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on SRX Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5400srx5800srx4000srx550srx300srx5600junossr4600srx4600srx1500Junos OS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-436
Interpretation Conflict
CVE-2019-0043
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:13
Updated-17 Sep, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: RPD process crashes upon receipt of a specific SNMP packet

In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS : 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D48 on EX/QFX series; 15.1 versions prior to 15.1R4-S9, 15.1R7-S2; 15.1F6 versions prior to 15.1F6-S11; 15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series; 15.1X54 on ACX Series; 16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S8, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3; 18.2X75 versions prior to 18.2X75-D10.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5800qfx5210-64cacx1100srx4000acx2100nfx150qfx5210ex_redundant_power_systemqfx5110acx500ex3300ex3400qfx5200-48ysrx5400ex4650acx2000acx2200srx550ex2200srx300qfx5200acx6360junosacx5096ex4550srx1500acx4000ex4200qfx10008qfx10002ex9200qfx5120qfx10016qfx5100ex4300ex2200-cex9250ex2300ex4600qfx5200-32cnfx250acx1000srx5600acx5048ex2300-csrx4600acx5448Junos OS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-0060
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.33%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-16 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: flowd process crash due to processing of specific transit IP packets

The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4200srx340srx550_hmsrx4100srx220srx240srx3600vsrxsrx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600csrxsrx1500Junos OS
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-0055
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.33%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled.

A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4200srx340srx550_hmsrx4100srx220srx240srx3600vsrxsrx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600csrxsrx1500Junos OS
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2019-0019
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.70%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:13
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BGP packets can trigger rpd crash when BGP tracing is enabled.

When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4; 18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect Junos releases prior to 16.1R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-0059
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host.

A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-0075
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Denial of Service vulnerability in srxpfe related to PIM

A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service condition. Affected releases are Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160; 17.3 versions prior to 17.3R3-S7 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4200srx340srx550_hmsrx4100srx220srx240srx3600vsrxsrx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600csrxsrx1500Junos OS
CVE-2019-0028
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.47%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:13
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: RPD process crashes due to specific BGP peer restarts condition.

On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly crash the RPD process causing prolonged denial of service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R2. Junos OS releases prior to 16.1R1 are not affected.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-0056
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device.

This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE's on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2010mx960mx2008mx480junosmx2020Junos OS
CWE ID-CWE-410
Insufficient Resource Pool
CVE-2019-0003
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-1.72% / 81.64%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 21:00
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core.

When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex3300\/vcsrx345srx5800srx110srx220ex6200ex3400srx5400srx100srx3400srx300srx550junosex4550\/vcsrx210ex3200srx1500qfx3500srx4200ex4200srx340srx4100srx240srx3600qfx5100ex4300ex2300srx1400ex2200\/vcex4600srx320srx5600srx650ex8200\/vc_\(xre\)qfx3600Junos OS
CWE ID-CWE-617
Reachable Assertion
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found