EUVD-2017-2254

Malware in sbrugna...

Design/Logic Flaw

An Unchecked Error Condition vulnerability in the subscriber management daemon smgd of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to cause a crash of and thereby a Denial of Service DoS. In a subscriber management / broadband edge environment if a single session group...

Design/Logic Flaw

Receipt of a specially crafted Connectionless Network Protocol CLNP datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. Devices are only vulnerable to the specially crafted CLNP datagram if 'clns-routing' or ES-IS is explicitly...

Juniper Junos OS Denial of Service Vulnerability (CNVD-2017-32281)

Juniper Junos OS is a Juniper Networks network operating system designed for the company's hardware systems. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Junos OS version 16.1R1. An attacker could exploit this vulnerability to cause ...

Design/Logic Flaw

Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit PDU sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this...

CVE-2017-10607 Junos: rpd core due to receipt of specially crafted BGP packet

Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit PDU sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this...

Juniper Networks Junos Space Information Disclosure Vulnerability

Juniper Networks Junos Space is a network management solution from Juniper Networks, Inc. The solution supports automated configuration, monitoring and troubleshooting of devices and services throughout their lifecycle. An information disclosure vulnerability exists in Juniper Networks Junos Spac...

CVE-2017-2311

On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition...

CVE-2017-2305

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation...

CVE-2017-2306

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device...

CVE-2017-2309

Affected product: Juniper Networks Junos Space (versions prior to 16.1R1). Vulnerability: Information disclosure due to certificate-based authentication enabling access to restricted web services over the network. Impact: Confidentiality impact is high; information leak risk reported. Status/reme...

CVE-2017-2305

CVE-2017-2305 concerns Juniper Networks Junos Space prior to 16.1R1, where an insufficient authorization check in the administrative web interface lets readonly users create privileged accounts, enabling privilege escalation. The vulnerability path and impact are described in the NVD entry as a u...

CVE-2017-2306

CVE-2017-2306 affects Juniper Networks Junos Space: versions prior to 16.1R1 suffer from an insufficient authorization check in the administrative web interface, allowing readonly users to execute code on the device. This is described in the NVD entry for CVE-2017-2306, which notes remote code ex...