CVE-2021-0242

A vulnerability due to the improper handling of direct memory access DMA buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service DoS condition by exhausting DMA buffers, causing the FPC to crash and the device to...

CVE-2021-0244

A signal handler race condition exists in the Layer 2 Address Learning Daemon L2ALD of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices. This issue is a corner case...

CVE-2021-0243

Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service DoS condition. When the firewall policer discard action fails on a Layer 2 port, it wi...

CVE-2021-0257

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs Modular Port Concentrators where Integrated Routing and Bridging IRB interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge CE devices may cause memo...

CVE-2021-0227

An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service DoS by sending certain crafted HTTP packets. Continued receipt and processing of these packets will creat...

CVE-2021-0238

When a MX Series is configured as a Broadband Network Gateway BNG based on Layer 2 Tunneling Protocol L2TP, executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monito...

CVE-2021-0238

When a MX Series is configured as a Broadband Network Gateway BNG based on Layer 2 Tunneling Protocol L2TP, executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monito...

CVE-2021-0237

On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager FXPC process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processi...

CVE-2021-0237

On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager FXPC process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processi...

CVE-2021-0239

In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit AFT manager process Evo-aftmand, responsible for handling Route, Class-of-Service CoS, Firewall operations within the packet forwarding engine PFE to crash and...

CVE-2021-0228

An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC Modular Port Concentrator deployed in Ethernet VPN EVPN-Virtual Extensible LAN VXLAN configuration, may allow an attacker sending specific Layer 2 traffic to cause...

Design/Logic Flaw

On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager FXPC process may crash and restart upon receipt of specific layer 2 frames. Continued receipt and processi...

Design/Logic Flaw

A vulnerability in the handling of internal resources necessary to bring up a large number of Layer 2 broadband remote access subscriber BRAS nodes in Juniper Networks Junos OS can cause the Access Node Control Protocol daemon ANCPD to crash and restart, leading to a Denial of Service DoS...

Design/Logic Flaw

In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit AFT manager process Evo-aftmand, responsible for handling Route, Class-of-Service CoS, Firewall operations within the packet forwarding engine PFE to crash and...

Command injection

When a MX Series is configured as a Broadband Network Gateway BNG based on Layer 2 Tunneling Protocol L2TP, executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monito...

Input validation

Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service DoS condition. When the firewall policer discard action fails on a Layer 2 port, it wi...

CVE-2021-0243 Junos OS: EX4300: Stateless firewall policer fails to discard traffic

Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service DoS condition. When the firewall policer discard action fails on a Layer 2 port, it wi...

CVE-2021-0239

In Juniper Networks Junos OS Evolved, a vulnerability (CVE-2021-0239) exists where a continuous stream of specific genuine Layer 2 frames can cause the AFT manager process (Evo-aftmand) to crash and restart the packet forwarding engine (PFE), resulting in a Denial of Service. Affected: Junos OS E...

CVE-2021-0228 Junos OS: MX Series: DDoS LACP violation upon receipt of specific layer 2 frames in EVPN-VXLAN deployment

An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC Modular Port Concentrator deployed in Ethernet VPN EVPN-Virtual Extensible LAN VXLAN configuration, may allow an attacker sending specific Layer 2 traffic to cause...

CVE-2021-0224 Junos OS: ANCPD core when hitting maximum-discovery-table-entries limit

A vulnerability in the handling of internal resources necessary to bring up a large number of Layer 2 broadband remote access subscriber BRAS nodes in Juniper Networks Junos OS can cause the Access Node Control Protocol daemon ANCPD to crash and restart, leading to a Denial of Service DoS...