CVE-2024-39513

CVE-2024-39513 maps to a local, low-privilege DoS in Juniper Networks Junos OS Evolved due to an Improper Input Validation in the Packet Forwarding Engine (PFE). The vulnerability is triggered by a specific CLI command; when executed, the Advanced Forwarding Toolkit (evo-aftmand-bt/zx) crashes an...

CVE-2024-39512 Junos OS Evolved: User is not logged out when the console cable is disconnected

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a...

CVE-2024-39512

The CVE-2024-39512 issue affects Junos OS Evolved consoles. Root cause: improper physical access control where disconnecting the console cable leaves the session active, enabling a local attacker with physical access to resume a prior session and potentially gain administrative privileges. Affect...

CVE-2024-39562 Junos OS Evolved: A high rate of SSH connections causes a Denial of Service

A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon sshd instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service DoS by blocking SSH access for legitimate...

CVE-2024-39562

Junos OS Evolved is affected by CVE-2024-39562 due to a Missing Release of Resource after Effective Lifetime in the xinetd process, which can crash and leave defunct sshd processes under high concurrent SSH load. This denial-of-service blocks SSH access and dependent SSH services (SFTP, Netconf o...

CVE-2024-39560

Juniper Junos OS and Junos OS Evolved are affected by CVE-2024-39560 via the routing protocol daemon (rpd). The issue is an improper handling of exceptional conditions that lets a logically adjacent downstream RSVP neighbor induce kernel memory exhaustion and a DoS. Affected ranges include multip...

CVE-2024-39560 Junos OS and Junos OS Evolved: Memory leak due to RSVP neighbor persistent error leading to kernel crash

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service DoS...

CVE-2024-39560 Junos OS and Junos OS Evolved: Memory leak due to RSVP neighbor persistent error leading to kernel crash

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service DoS...

CVE-2024-39559

Junos OS Evolved vulnerability CVE-2024-39559 affects dual RE systems with NSR enabled. An unauthenticated network attacker can crash the device (vmcore) by sending a specific TCP packet over an established session using MD5 authentication (e.g., BGP with MD5). The issue stems from an improper ch...

CVE-2024-39558

CVE-2024-39558 affects Junos OS and Junos OS Evolved. An Unchecked Return Value in Routing Protocol Daemon (rpd) can be triggered by a specific PIM packet when MoFRR is configured, causing rpd to crash and reboot and leading to DoS. Impact is confirmed on multiple Junos OS/Junos OS Evolved versio...

CVE-2024-39557

CVE-2024-39557 describes an Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS Evolved, caused by a memory leak in the Layer 2 Address Learning Daemon (l2ald) triggered by certain MAC table updates. This memory leak can exhaust system memory, causing a crash and DoS. Aff...

CVE-2024-39557 Junos OS Evolved: MAC table changes cause a memory leak

An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service DoS...

CVE-2024-39556

Summary of CVE-2024-39556 : A stack-based buffer overflow vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker with CLI access to load a crafted certificate via the set security certificates command, potentially crashing the command management da...

CVE-2024-39556 Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service DoS or privileged code executio...

CVE-2024-39556 Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service DoS or privileged code executio...

CVE-2024-39555 Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service DoS. Continued recei...

CVE-2024-39555 Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service DoS. Continued recei...

CVE-2024-39555

Summary of vulnerability (CVE-2024-39555): Juniper Networks Junos OS and Junos OS Evolved RPD mishandles certain malformed BGP Update messages when segment routing is enabled, causing session resets and potential DoS. A remote attacker must have at least one established BGP session; affected are ...

CVE-2024-39554 Junos OS and Junos OS Evolved: BGP multipath incremental calculation is resulting in an rpd crash

A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability the Routing Protocol Daemon rpd of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when...

CVE-2024-39554

CVE-2024-39554 affects Juniper Networks Junos OS and Junos OS Evolved when BGP multipath is enabled. The vulnerability is in the Routing Protocol Daemon (rpd) caused by a race condition from concurrent execution using shared resources during the BGP multipath incremental calculation, which can al...