CVE-2020-1615

The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue...

CVE-2020-1623

A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1...

CVE-2020-1618

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command...

The vulnerability of the Broadband Edge service in the Junos OS router MX Series allows a attacker to cause a service failure.

The vulnerability of the Broadband Edge service on Junos OS routers of the MX Series exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability involves the implementation of the Path Computation Element Protocol (PCEP) protocol in the Junos operating system, which allows a attacker to trigger a service failure.

The vulnerability of implementing the Path Computation Element Protocol PCEP protocol in the Junos operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of the Junos OS’ Routing Protocol Daemon (RPD) allows a attacker to cause a service failure.

The vulnerability of the Junos OS’ Routing Protocol Daemon RPD is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

The vulnerability of the IP address filtering function in the Junos OS operating system allows attackers to compromise data integrity and violate data confidentiality.

The vulnerability of the IP address filtering function in the Junos OS operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to compromise data integrity and violate data confidentiality...

Juniper Networks Junos OS and Junos OS Evolved Resource Management Error Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A resource management error vulnerability exists in the IPv4 JDHCPD service in Juniper Networks Junos OS and Junos OS...

CVE-2020-1602

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon JDHCPD process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This iss...

CVE-2020-1603

Specific IPv6 packets sent by clients processed by the Routing Engine RE are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the...

CVE-2020-1605

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon JDHCPD process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This...

CVE-2020-1609

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon JDHCPD process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. This...

CVE-2020-1608

Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge BBE service may trigger a kernel crash vmcore, causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients connected to MX Serie...

CVE-2020-1601

Certain types of malformed Path Computation Element Protocol PCEP packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client PCC in a PCEP environment using Juniper's path computational element protocol daemon pccd process allows an attacker to...

Juniper Networks Junos OS JDHCPD Command Injection Vulnerability

Juniper Networks Junos OS is a set of network operating systems dedicated to the company's hardware devices. A security vulnerability in Juniper Networks Junos OS Dynamic Host Configuration Protocol Daemon JDHCPD can be exploited by a remote attacker to submit a special IPv6 request that can be...

Juniper Networks Junos OS IP firewall filter access control error vulnerability

Juniper Networks Junos OS is a set of network operating systems dedicated to the company's hardware devices. A security vulnerability exists in the Juniper Networks Junos OS IP firewall filter, which can be exploited by remote attackers to submit a special request that can bypass security...

Junos OS vulnerable to directory traversal

Overview Junos OS contains a directory traversal vulnerability CWE-22. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Files on the server may be...

Juniper Networks Junos OS pccd Denial of Service Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS contains security vulnerabilities. An attacker can exploit this vulnerability with malformed Pat...

Juniper Networks Junos OS Path Traversal Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A path traversal vulnerability in Juniper Networks Junos OS can be exploited by an authenticated, remote attacker to submi...

Juniper Networks Junos OS Cross-Site Scripting Vulnerability (CNVD-2020-03713)

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A cross-site scripting vulnerability exists in J-Web in Juniper Networks Junos OS, which arises from a lack of proper...