CVE-2024-21614

Summary: CVE-2024-21614 affects Juniper Networks Junos OS and Junos OS Evolved. The issue is an improper check for unusual or exceptional conditions in the Routing Protocol Daemon (RPD). When NETCONF and gRPC are enabled and a specific Dynamic Rendering (DREND) query is executed, RPD crashes and ...

The vulnerability of the Management Daemon (MGD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows a attacker to induce a service failure.

The vulnerability of the Management Daemon MGD in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by executing a specifi...

CVE-2023-44184

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon mgd process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU...

Design/Logic Flaw

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon mgd process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU...

CVE-2023-44184 Junos OS and Junos OS Evolved: High CPU load due to specific NETCONF command

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon mgd process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU...

CVE-2023-44184

The CVE-2023-44184 issue affects Juniper Networks Junos OS and Junos OS Evolved in the mgd (management daemon) component. A memory-buffer bound check violation allows a network-based, authenticated, low-privileged attacker to execute a specific NETCONF command that can cause CPU denial of service...

Juniper Junos OS Vulnerability (JSA73147)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73147 advisory. - An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon mgd process of Juniper Networks Junos OS and Junos OS...

Cisco IOS XR Software Model-Driven Programmability Behavior with AAA Authorization

Cisco IOS XR Software supports a programmatic way of configuring and collecting operational data on a network device using data models. Data models provide access to the capabilities of the devices in a network using NETCONF or gRPC. According to Cisco IOS XR Software configuration guides, if...

The vulnerability of the NETCONF protocol implementation in the Cisco Network Services Orchestrato (NSO) software solution allows a hacker to elevate their privileges to the root level in the system and cause service failures.

The vulnerability of the NETCONF protocol implementation in the Cisco Network Services Orchestrator NSO software lies in incorrect restrictions on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to elevate their privileges to the root...

CVE-2023-20040

A vulnerability in the NETCONF service of Cisco Network Services Orchestrator NSO could allow an authenticated, remote attacker to cause a denial of service DoS on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group...

CVE-2023-20040

A vulnerability in the NETCONF service of Cisco Network Services Orchestrator NSO could allow an authenticated, remote attacker to cause a denial of service DoS on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group...

Input validation

A vulnerability in the NETCONF service of Cisco Network Services Orchestrator NSO could allow an authenticated, remote attacker to cause a denial of service DoS on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group...

CVE-2023-20040

A vulnerability in the NETCONF service of Cisco Network Services Orchestrator NSO could allow an authenticated, remote attacker to cause a denial of service DoS on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group...

CVE-2023-20040

Cisco NSO NETCONF service vulnerability (CVE-2023-20040): authenticated admin-group user can upload crafted packages via NETCONF, triggering input validation failure that may write/delete arbitrary files and cause DoS on root-run NSO. Affected: Cisco Network Services Orchestrator; root access pos...

Juniper Networks Junos OS Detection Consolidation

Consolidation of Juniper Networks Junos OS detections. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if...

Cisco Network Services Orchestrator Path Traversal Vulnerability

A vulnerability in the RESTCONF and NETCONF services of Cisco Network Services Orchestrator NSO could allow an authenticated, remote attacker to cause a denial of service DoS on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of th...

NETCONF Detection

Binary data netconfdetect.nbin...

Cisco IOS XE Software NETCONF Over SSH DoS (cisco-sa-ncossh-dos-ZAkfOdq8)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition DoS on an affected device. This vulnerability i...

CVE-2022-20717

A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service DoS condition. This vulnerability is due to insufficient memory management when an affected device...

CVE-2022-20692

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition DoS on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this...