1134 matches found
CVE-2024-21599
CVE-2024-21599 concerns a missing release of memory after effective lifetime in the PFE of Juniper Junos OS on MX Series with MPC3E. A memory leak is triggered when the device receives PTP packets on an MPC3E that does not support PTP, potentially causing unpredictable behavior and an MPC crash/restart (DoS) in ...
CVE-2024-21599 Junos OS: MX Series: MPC3E memory leak with PTP configuration
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't...
CVE-2024-21597 Junos OS: MX Series: In an AF scenario traffic can bypass configured lo0 firewall filters
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario, if routing-instances (RI) are...
CVE-2024-21597
Summary: CVE-2024-21597 is a Juniper MX Series Junos OS vulnerability in the Packet Forwarding Engine (PFE) where, in an AF scenario with routing-instances, valid traffic can bypass lo0 firewall filters. This allows an unauthenticated, network-based attacker to bypass intended access restrictions...
CVE-2024-21587 Junos OS: MX Series: Memory leak in bbe-smgd process if BFD liveness detection for DHCP subscribers is enabled
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory...
PT-2024-1135 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on MX Series versions prior to 20.4R3-S9; Juniper Networks Junos OS on MX Series version 21.2 versions prior to 21.2R3-S7; Juniper Networks Junos OS on MX Series version 21.3 versions prior to 21.3R3-S5; Juniper Network...
PT-2024-1117 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 20.4R3-S9; Junos OS versions 21.2 prior to 21.2R3-S6; Junos OS versions 21.3 prior to 21.3R3-S5; Junos OS versions 21.4 prior to 21.4R3; Junos OS versions 22.1 prior to 22.1R3; Junos OS versions 22.2 prior to 22.2R2; Juno...
PT-2024-1108 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on MX Series and EX9200 Series versions earlier than 20.4R3-S7; Juniper Networks Junos OS on MX Series and EX9200 Series version 21.1 versions earlier than 21.1R3-S5; Juniper Networks Junos OS on MX Series and EX9200...
CVE-2023-43743
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...
Authentication flaw
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function...
SQL injection
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...
Command injection
An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zult...
Zultys MX Series Security Vulnerability
Zultys MX Series is a series of IP phones from Zultys USA. A security vulnerability exists in Zultys MX Series that stems from susceptibility to SQL injection attacks...
Zultys MX Series Security Vulnerability
Zultys MX Series is a series of IP phones from Zultys Corporation in the United States. A security vulnerability exists in Zultys MX Series that originates from an operating system command injection attack that allows a remote, authenticated user to execute the attack...
CVE-2023-43743
CVE-2023-43743 describes a SQL injection in Zultys MX-Series: MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30. The vulnerability allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint of the Zultys...
Zultys MX Series Security Vulnerability
Zultys MX Series is a series of IP phones from Zultys USA. A security vulnerability exists in Zultys MX Series, which stems from a susceptibility to authentication bypass, allowing an attacker to gain full administrative access without valid credentials...
CVE-2023-43742
The CVE affects Zultys MX-Series IP endpoints (MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, MX30). The flaw is an authentication bypass caused by a protection mechanism failure in the authentication function: if the administrator client ignores a login failure and keeps sending requests on port 7505...