203 matches found
CVE-2022-47557
Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...
Exploitation of Juniper Networks SRX Series and EX Series Devices
On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices: CVE-2023-36846 Affects the SRX Series A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an...
Juniper Junos OS Pre-Auth RCE (JSA72300)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA72300 advisory. - A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX and SRX Series allows an unauthenticated, network-based attacker to...
New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now
Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of...
CVE-2023-36847
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...
Code injection
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment...
CVE-2023-36846
CVE-2023-36846 (Juniper Junos OS SRX Series) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can trigger J-Web to upload arbitrary files, leading to a loss of file-system integrity for a portion of the device. Affected Junos OS/SRX Serie...
CVE-2023-36844
CVE-2023-36844 affects Juniper Junos OS on EX Series (J-Web) and enables an unauthenticated, network-based attacker to modify PHP environment variables, potentially causing partial integrity loss and enabling vulnerability chaining. Affected versions include multiple 20.4R3-S9 through 23.2R2 line...
Juniper Junos OS Vulnerability (JSA69513)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69513 advisory. - An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service...
CVE-2023-36835
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service DoS. If a specific valid IP packet is received and that packet needs to be routed...
CVE-2023-36835 Junos OS: QFX10000 Series: All traffic will be dropped after a specific valid IP packet has been received which needs to be routed over a VXLAN tunnel
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service DoS. If a specific valid IP packet is received and that packet needs to be routed...
CVE-2023-28985 SRX Series and MX Series: An FPC core is observed when IDP is enabled on the device and a specific malformed SSL packet is received
An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention IDP of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service DoS. Continued receipt of this specific packet will cause a...
CVE-2023-36832
Summary: CVE-2023-36832 is an Improper Handling of Exceptional Conditions in Junos OS on MX Series, where unauthenticated attackers can send packets to the AMS interface to crash the PFE and cause DoS. Affected products/versions (MX Series Junos OS): all prior to 19.1R3-S10; 19.2 prior to 19.2R3-...
CVE-2023-36832 Junos OS: MX Series: PFE crash upon receipt of specific packet destined to an AMS interface
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices AMS interface on the device, causing the packet forwarding engine PF...
Juniper Junos OS Vulnerability (JSA70192)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA70192 advisory. An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine RE of Juniper Networks Junos OS allows an unauthenticated network-based attacker t...
CVE-2023-28963
An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to...
CVE-2023-28962
An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to...
Race condition
A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol BGP software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service DoS by...
Authentication flaw
An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to...
CVE-2023-28962 Junos OS: Unauthenticated access vulnerability in J-Web
An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to...