1242 matches found
The vulnerability of the implementation of the IP/MPLS protocol in Juniper Networks’ Junos OS-based QFX10000 series routers allows a attacker to cause a service failure.
The vulnerability of the IP/MPLS protocol implementation in Juniper Networks’ Junos OS-based QFX10000 routers stems from improper validation of certain indices, positions, or offsets in the input data. Exploiting this vulnerability can allow an attacker to cause service interruptions by sending...
CVE-2022-22249
An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service DoS. When there is a continuous mac move a memory corruption causes one or mo...
CVE-2022-22250
An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine PFE of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service DoS. In an EVPN-MPLS scenario, if MAC is learned locally on an access...
CVE-2022-22246
A PHP Local File Inclusion LFI vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack...
CVE-2022-22244
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affect...
CVE-2022-22243
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of...
CVE-2022-22251
On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX softwa...
CVE-2022-22232
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. On SRX Series If Unified Threat Management UTM Enhanced Content Filtering CF is enabled and...
CVE-2022-22240
An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Sevice Do...
CVE-2022-22230
An Improper Input Validation vulnerability in the Routing Protocol Daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS Denial of Service. If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while...
CVE-2022-22237
An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to...
CVE-2022-22231
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine PFE of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. On SRX Series if Unified Threat Management UTM Enhanced Content Filtering CF and...
CVE-2022-22201
An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service DoS. On SRX5000 Series with SPC3, SRX4000 Series, and vSRX, when...
CVE-2022-22225
A Time-of-check Time-of-use TOCTOU Race Condition vulnerability in the Routing Protocol Daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service DoS. In a BGP multipath scenario, when one of the...
CVE-2022-22219
Due to the Improper Handling of an Unexpected Data Type in the processing of EVPN routes on Juniper Networks Junos OS and Junos OS Evolved, an attacker in direct control of a BGP client connected to a route reflector, or via a machine in the middle MITM attack, can send a specific EVPN route...
CVE-2022-22226
In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service DoS conditio...
CVE-2022-22224
An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon PPMD process to go into an infinite loop,...
CVE-2022-22223
On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping PHP nodes with link aggregation group LAG interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packet...
PT-2022-5296 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 19.1R3-S9 Junos OS versions 19.2 prior to 19.2R3-S6 Junos OS versions 19.3 prior to 19.3R3-S6 Junos OS versions 19.4 prior to 19.4R2-S7 Junos OS versions 19.4 prior to 19.4R3-S8 Junos OS versions 20.1 prior to...
Vulnerability fixes in Juniper Junos OS and Junos OS Evolved
Vulnerabilities have been fixed in Juniper Junos OS and Junos OS Evolved. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure. Remote code execution User...