Rewterz Threat Advisory – Multiple Juniper Networks Junos OS and CTPView

Severity

High

Analysis Summary

CVE-2021-31365 

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially crafted stream of layer 2 frames, a remote attacker could exploit this vulnerability to cause an Aggregated Ethernet (AE) interface to go down, resulting in a denial of service condition.

CVE-2021-31364 

Juniper Networks Junos OS is vulnerable to a denial of service, caused by a race condition in the flow daemon (flowd). By sending specially crafted network traffic, a remote attacker could exploit this vulnerability to cause the flowd/srxpfe process to crash, resulting in a denial of service condition.

CVE-2021-31360 

Juniper Networks Junos OS and Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper privilege management flaw in the command-line interpreter (CLI). By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to overwrite local files as root or cause a denial of service condition.

CVE-2021-31359 

Juniper Networks Junos OS and Junos OS Evolved could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper privilege management flaw. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary commands as root and cause the Juniper DHCP daemon (jdhcpd) process to crash.

CVE-2021-31358 

Juniper could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in command processing. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary shell commands within the context of the current user.

CVE-2021-31357 

Juniper could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in command processing. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary shell commands within the context of the current user.

CVE-2021-31356 

Juniper could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in command processing. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary shell commands within the context of the current user.

CVE-2021-31350

Juniper Networks Junos OS and Junos OS Evolved could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an improper privilege management flaw in the gRPC framework. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.

CVE-2021-0299 

Juniper Networks Junos OS is vulnerable to a denial of service, caused by improper handling of exceptional conditions in the processing of a transit or directly received IPv6 packet. By sending a specially crafted IPv6 packet, a remote attacker could exploit this vulnerability to cause the kernel to crash, resulting in a denial of service condition.

CVE-2021-0298 

Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by a race condition in the ‘show chassis pic’ command. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to crash the port interface concentrator daemon (picd) process on the FPC.

CVE-2021-0297 

Juniper Networks Junos OS Evolved could allow a remote attacker to bypass security restrictions, caused by a flaw in the processing of TCP MD5 authentication. By sending a specially-crafted request, an attacker could exploit this vulnerability to establish a BGP or LDP session configured with MD5 authentication.

CVE-2021-0296 

Juniper Networks CTPView could provide weaker than expected security, caused by not enforcing HTTP Strict Transport Security (HSTS). An attacker could exploit this vulnerability to perform downgrade attacks and SSL-stripping man-in-the-middle attacks, and to weaken cookie-hijacking protections.

Impact

  • Denial of Service
  • Privilege Escalation
  • Command Execution
  • Security Bypass

Affected Vendors

  • Juniper

Affected Products

  • Juniper Networks Junos OS
  • Juniper Networks EX4300
  • Juniper Networks EX2300
  • Juniper Networks EX3400
  • Juniper Networks EX4400
  • Juniper Networks Junos OS Evolved
  • Juniper Networks Junos OS 18.4
  • Juniper Networks Junos OS 19.1
  • Juniper Networks Junos OS 19.2
  • Juniper Networks Junos OS 19.3
  • Juniper Networks Junos OS 19.4
  • Juniper Networks Junos OS 20.1
  • Juniper Networks Junos OS 20.2
  • Juniper Networks Junos OS 20.3
  • Juniper Networks Junos OS 20.4
  • Juniper Networks PTX10003
  • Juniper Networks PTX10008

Remediation

Refer to the Juniper advisories below for patch, upgrade, or suggested workaround information.

CVE-2021-31365

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11227&cat=SIRT_1&actp=LIST

CVE-2021-31364

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11222&cat=SIRT_1&actp=LIST

CVE-2021-31360

Juniper Networks Junos OS Evolved

CVE-2021-31359

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11222&cat=SIRT_1&actp=LIST

CVE-2021-31358

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11221&cat=SIRT_1&actp=LIST

CVE-2021-31357

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11221&cat=SIRT_1&actp=LIST

CVE-2021-31356

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11221&cat=SIRT_1&actp=LIST

CVE-2021-31350

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11215&cat=SIRT_1&actp=LIST

CVE-2021-0299

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11213&cat=SIRT_1&actp=LIST

CVE-2021-0298

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11212&cat=SIRT_1&actp=LIST

CVE-2021-0297

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11211&cat=SIRT_1&actp=LIST

CVE-2021-0296

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11210&cat=SIRT_1&actp=LIST