CVE-2026-20182

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

EUVD-2026-31948

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniperplugin/fastnetmonjuniper.php, the $IPATTACK variable received from argv1 is directly interpolated into Juniper NETCONF set-configuration commands at...

CVE-2026-21919

Summary: CVE-2026-21919 describes an Incorrect Synchronization vulnerability in Juniper mgd (management daemon) on Junos OS and Junos OS Evolved. When NETCONF sessions are rapidly opened and closed, a locking issue can cause mgd processes to hang in a lockf state, eventually hitting the maximum p...

CVE-2023-53908

CVE-2023-53908 affects Belden HiSecOS 04.0.01. A privilege-escalation flaw allows authenticated users to modify their access role via crafted XML in NETCONF payloads sent to the /mops_data endpoint, elevating to administrative level. Affected component: XML-based NETCONF configuration handling; r...

PT-2025-51946

Name of the Vulnerable Software and Affected Versions HiSecOS version 04.0.01 Description The software contains a flaw that allows authenticated users to change their access level. This is possible through specially crafted XML payloads sent to the /mops data API endpoint using NETCONF...

EUVD-2025-27574

Malicious code in bioql PyPI...

Cisco IOS XR Software Management Interface ACL Bypass Vulnerability

A vulnerability in the management interface access control list ACL processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not...

PT-2024-1116 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 22.2R2-S2, 22.2R3 Juniper Networks Junos OS versions prior to 22.3R2, 22.3R3 Juniper Networks Junos OS Evolved versions prior to 22.2R2-S2-EVO, 22.2R3-EVO Juniper Networks Junos OS Evolved versions...

CVE-2023-44184

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon mgd process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU...

Juniper Networks Junos OS and Junos OS Evolved Buffer Error Vulnerability

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a network operating system designed for use with the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK...

PT-2023-1106 · Cisco · Cisco Network Services Orchestrator

Name of the Vulnerable Software and Affected Versions: Cisco Network Services Orchestrator NSO affected versions not specified Description: A vulnerability in the NETCONF service could allow an authenticated, remote attacker to cause a denial of service DoS on an affected system running as the ro...

CVE-2022-20717

A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service DoS condition. This vulnerability is due to insufficient memory management when an affected device...

Cisco Sd-Wan Vedge安全漏洞

The Cisco Sd-Wan Vedge is a router from Cisco USA. A security vulnerability exists in the Cisco SD-WAN vEdge that originates from an attacker being able to create a memory leak in the Cisco SD-WAN vEdge via NETCONF to trigger a denial of service...

CVE-2021-31352

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit thi...

Juniper Networks SRX Series 加密问题漏洞

The Juniper Networks SRX Series is a set of SRX Series service gateway appliances from Juniper Networks, Inc. The Juniper Networks SRC Series suffers from a cryptographic issue vulnerability that stems from NETCONF over SSH allowing weak password negotiation. An attacker could exploit this...

PT-2021-1897 · Cisco · Cisco Sd-Wan

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN products affected versions not specified Description: The issue is related to multiple vulnerabilities in Cisco SD-WAN products that could allow an unauthenticated, remote attacker to execute attacks against an affected device. O...