Lucene search
K

1242 matches found

OSV
OSV
added 2018/10/10 6:29 p.m.5 views

CVE-2018-0055

Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge BBE environment may result in a jdhcpd daemon crash. The daemon automatically restarts without intervention, but a continuous receipt of crafted DHCPv6 packets could leaded ...

5.3CVSS5.8AI score0.00601EPSS
Exploits0References2
OSV
OSV
added 2018/10/10 6:29 p.m.5 views

CVE-2018-0048

A vulnerability in the Routing Protocols Daemon RPD with Juniper Extension Toolkit JET support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue onl...

7.5CVSS5.8AI score0.02887EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2018/10/10 6:29 p.m.3 views

MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a Denial of Service

Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash vmcore, causing the device to reboot. The issue is specific to the processing of Broadband Edge BBE client route processing on MX Series subscriber management platforms, introduced by the Tomcat Next...

7.8CVSS5.5AI score0.01394EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/10/10 6:29 p.m.2 views

Junos OS: RPD daemon crashes due to receipt of specific Draft-Rosen MVPN control packet in Draft-Rosen MVPN configuration

Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon RPD process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a...

8.8CVSS6.1AI score0.01148EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/10/10 6:29 p.m.3 views

NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS

An insecure SSHD configuration in Juniper Device Manager JDM and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to "yes". Affected releases are...

9.8CVSS5.6AI score0.01342EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/10/10 6:29 p.m.3 views

Junos OS: Denial of Service vulnerability in MS-PIC, MS-MIC, MS-MPC, MS-DPC and SRX flow daemon (flowd) related to SIP ALG

A Denial of Service vulnerability in the SIP application layer gateway ALG component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon flowd process. This issue affects Junos OS devices with NAT or stateful firewall configuration in...

7.5CVSS5.6AI score0.01594EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/10/10 6:29 p.m.2 views

Junos OS: Denial of Service in J-Web

A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series;...

7.5CVSS5.6AI score0.02299EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/10/10 6:29 p.m.3 views

Junos OS: Denial of service in telnetd

A denial of service vulnerability in the telnetd service on Junos OS allows remote unauthenticated users to cause high CPU usage which may affect system performance. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81 on SRX Series; 12.3 versions prior to...

5.3CVSS5.6AI score0.02265EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/10/10 6:29 p.m.4 views

Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address)

On MX Series and M120/M320 platforms configured in a Broadband Edge BBE environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem...

9.6CVSS5.6AI score0.01137EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/10/10 6:29 p.m.4 views

Junos OS: Unauthenticated remote root access possible when RSH service is enabled

If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command...

9.3CVSS5.7AI score0.0485EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/10/10 6:29 p.m.4 views

Junos OS: Memory exhaustion denial of service vulnerability in Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support.

A vulnerability in the Routing Protocols Daemon RPD with Juniper Extension Toolkit JET support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue onl...

7.5CVSS5.6AI score0.02887EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/07/11 6:29 p.m.4 views

Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) and PTX1K: Line card may crash upon receipt of specific MPLS packet.

Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 FPC-P1, FPC-P2 line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper...

7.5CVSS5.5AI score0.02425EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/07/11 6:29 p.m.2 views

CVE-2018-0026

After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0 show interfaces extensive | match filters" CAM destination filters: 0, CAM source filters: 0 Note: when the issue occurs, it does n...

7.5CVSS5.8AI score0.01765EPSS
Exploits0References3
OSV
OSV
added 2018/07/11 6:29 p.m.3 views

CVE-2018-0024

An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions...

7.8CVSS5.8AI score0.00378EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2018/07/11 6:29 p.m.3 views

Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules

Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a...

5.9CVSS5.3AI score0.01398EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/07/11 6:29 p.m.5 views

CVE-2018-0037

Junos OS routing protocol daemon RPD process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of...

9.8CVSS6.3AI score0.03769EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/07/11 6:29 p.m.4 views

Junos OS: Receipt of malformed RSVP packet may lead to RPD denial of service

Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon RPD to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via...

7.5CVSS5.5AI score0.02425EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/07/11 6:29 p.m.5 views

CVE-2018-0034

A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing...

5.9CVSS5.8AI score0.0215EPSS
Exploits0References3
OSV
OSV
added 2018/07/11 6:29 p.m.3 views

CVE-2018-0029

While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart vmcore. This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases pri...

6.5CVSS5.8AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2018/06/07 12:0 a.m.5 views

The vulnerability of the Junos operating system, related to uncontrolled resource consumption, allows a perpetrator to trigger a service failure.

The vulnerability of the Junos operating system is related to an uncontrolled consumption of resources when processing certain MPLS Multiprotocol Label Switching packets. Exploiting this vulnerability allows a malicious actor to cause service failures by using specially crafted MPLS packets...

9.8CVSS5.5AI score0.02337EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder