Lucene search
K

203 matches found

NVD
NVD
added 2023/09/19 1:16 p.m.23 views

CVE-2022-47557

Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...

6.1CVSS6.3AI score0.00115EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2023/08/31 8:23 p.m.67 views

Exploitation of Juniper Networks SRX Series and EX Series Devices

On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices: CVE-2023-36846 Affects the SRX Series A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an...

5CVSS8.4AI score0.94205EPSS
Exploits28
Tenable Nessus
Tenable Nessus
added 2023/08/25 12:0 a.m.209 views

Juniper Junos OS Pre-Auth RCE (JSA72300)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA72300 advisory. - A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX and SRX Series allows an unauthenticated, network-based attacker to...

9.8CVSS7.8AI score0.94205EPSS
Exploits28References9
The Hacker News
The Hacker News
added 2023/08/19 7:38 a.m.77 views

New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now

Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of...

9.8CVSS7.7AI score0.94205EPSS
Exploits28
ATTACKERKB
ATTACKERKB
added 2023/08/17 8:15 p.m.43 views

CVE-2023-36847

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...

5.3CVSS6.4AI score0.84692EPSS
In wildExploits2References3Affected Software1
Prion
Prion
added 2023/08/17 8:15 p.m.32 views

Code injection

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment...

5CVSS7AI score0.89628EPSS
Exploits7References2Affected Software1
CVE
CVE
added 2023/08/17 7:18 p.m.344 views

CVE-2023-36846

CVE-2023-36846 (Juniper Junos OS SRX Series) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can trigger J-Web to upload arbitrary files, leading to a loss of file-system integrity for a portion of the device. Affected Junos OS/SRX Serie...

5.3CVSS6.2AI score0.94205EPSS
In wildExploits4References2Affected Software1
CVE
CVE
added 2023/08/17 7:17 p.m.487 views

CVE-2023-36844

CVE-2023-36844 affects Juniper Junos OS on EX Series (J-Web) and enables an unauthenticated, network-based attacker to modify PHP environment variables, potentially causing partial integrity loss and enabling vulnerability chaining. Affected versions include multiple 20.4R3-S9 through 23.2R2 line...

5.3CVSS7.1AI score0.89628EPSS
In wildExploits7References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/20 12:0 a.m.27 views

Juniper Junos OS Vulnerability (JSA69513)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69513 advisory. - An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service...

7.5CVSS7.4AI score0.00884EPSS
Exploits0References2
NVD
NVD
added 2023/07/14 6:15 p.m.23 views

CVE-2023-36835

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service DoS. If a specific valid IP packet is received and that packet needs to be routed...

7.5CVSS0.00537EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/14 5:11 p.m.18 views

CVE-2023-36835 Junos OS: QFX10000 Series: All traffic will be dropped after a specific valid IP packet has been received which needs to be routed over a VXLAN tunnel

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service DoS. If a specific valid IP packet is received and that packet needs to be routed...

7.5CVSS6.8AI score0.00537EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/14 4:34 p.m.22 views

CVE-2023-28985 SRX Series and MX Series: An FPC core is observed when IDP is enabled on the device and a specific malformed SSL packet is received

An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention IDP of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service DoS. Continued receipt of this specific packet will cause a...

7.5CVSS7.8AI score0.00524EPSS
Exploits0References1
CVE
CVE
added 2023/07/14 3:56 p.m.47 views

CVE-2023-36832

Summary: CVE-2023-36832 is an Improper Handling of Exceptional Conditions in Junos OS on MX Series, where unauthenticated attackers can send packets to the AMS interface to crash the PFE and cause DoS. Affected products/versions (MX Series Junos OS): all prior to 19.1R3-S10; 19.2 prior to 19.2R3-...

7.5CVSS7.4AI score0.00537EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/07/14 3:56 p.m.17 views

CVE-2023-36832 Junos OS: MX Series: PFE crash upon receipt of specific packet destined to an AMS interface

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices AMS interface on the device, causing the packet forwarding engine PF...

7.5CVSS7.6AI score0.00537EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/06/14 12:0 a.m.36 views

Juniper Junos OS Vulnerability (JSA70192)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA70192 advisory. An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine RE of Juniper Networks Junos OS allows an unauthenticated network-based attacker t...

7.5CVSS7AI score0.00563EPSS
Exploits0References2
NVD
NVD
added 2023/04/17 10:15 p.m.24 views

CVE-2023-28963

An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to...

5.3CVSS5.3AI score0.00482EPSS
Exploits0References1
NVD
NVD
added 2023/04/17 10:15 p.m.27 views

CVE-2023-28962

An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to...

9.8CVSS6.6AI score0.00559EPSS
Exploits0References1
Prion
Prion
added 2023/04/17 10:15 p.m.20 views

Race condition

A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol BGP software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service DoS by...

5CVSS7.4AI score0.00616EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/04/17 10:15 p.m.22 views

Authentication flaw

An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to...

7.5CVSS9.4AI score0.00559EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/17 12:0 a.m.9 views

CVE-2023-28962 Junos OS: Unauthenticated access vulnerability in J-Web

An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to...

5.3CVSS7AI score0.00559EPSS
Exploits0References1
Rows per page
Query Builder