Juniper Security Vulnerabilities
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions...
8.8CVSS
5.5AI Score
0.002EPSS
An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to "yes". Affected releases are.....
9.8CVSS
8.1AI Score
0.002EPSS
Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. This issue affects....
8.8CVSS
8.9AI Score
0.006EPSS
When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a...
8.1CVSS
8AI Score
0.007EPSS
Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a...
5.9CVSS
5.6AI Score
0.001EPSS
QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE)...
9.8CVSS
9.6AI Score
0.002EPSS
Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure...
9.8CVSS
8.8AI Score
0.002EPSS
After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0> show interfaces extensive | match filters" CAM destination filters: 0, CAM source filters: 0 Note: when the issue occurs, it does...
7.5CVSS
7.5AI Score
0.003EPSS
Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered...
7.5CVSS
5.6AI Score
0.004EPSS
Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper...
7.5CVSS
7.4AI Score
0.003EPSS
Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of...
9.8CVSS
9.7AI Score
0.014EPSS
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in...
9.8CVSS
9.1AI Score
0.002EPSS
A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing...
5.9CVSS
5.5AI Score
0.003EPSS
An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions...
7.8CVSS
7.7AI Score
0.001EPSS
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in...
9.8CVSS
9.1AI Score
0.002EPSS
Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to...
9.8CVSS
9.3AI Score
0.002EPSS
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in...
9.8CVSS
9.2AI Score
0.002EPSS
While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases...
6.5CVSS
6.5AI Score
0.001EPSS
The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this...
7.5CVSS
7.4AI Score
0.001EPSS
Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. Devices are only vulnerable to the specially crafted CLNP datagram if 'clns-routing' or ES-IS is explicitly...
9.8CVSS
7.8AI Score
0.016EPSS
A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS packet. Approximately 1 mbuf is leaked per each packet processed. The number of mbufs is platform dependent. The following command provides the number.....
7.5CVSS
7.6AI Score
0.003EPSS
A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resulting in a denial of service condition (DoS) for the SNMP subsystem. While a mib2d process crash can disrupt the network monitoring via SNMP, it does...
5.9CVSS
6.3AI Score
0.002EPSS
On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by....
7.5CVSS
6.1AI Score
0.003EPSS
Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Receipt of a repeated malformed BGP UPDATEs can result in an extended denial of service condition for the device. This malformed BGP UPDATE does not propagate to...
7.5CVSS
7.4AI Score
0.001EPSS
If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that....
8.8CVSS
8.7AI Score
0.001EPSS
A vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition for the SRX...
7.5CVSS
6.6AI Score
0.001EPSS
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows...
5.5CVSS
5.6AI Score
0.0004EPSS
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database...
9.8CVSS
9AI Score
0.005EPSS
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is...
9.8CVSS
7.6AI Score
0.001EPSS
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service.....
9.8CVSS
9.7AI Score
0.002EPSS
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to...
6.5CVSS
6.4AI Score
0.001EPSS
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to...
6.5CVSS
4.9AI Score
0.026EPSS
A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are...
6.5CVSS
6.3AI Score
0.001EPSS
A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management...
5.4CVSS
5.8AI Score
0.001EPSS
On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass...
5.9CVSS
6.1AI Score
0.004EPSS
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root...
7.8CVSS
8.3AI Score
0.0004EPSS
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the...
6.5CVSS
6.8AI Score
0.001EPSS
QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40;...
8.8CVSS
8.6AI Score
0.001EPSS
A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and...
6.5CVSS
6.7AI Score
0.001EPSS
A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number.....
6.5CVSS
6.1AI Score
0.001EPSS
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions...
9.8CVSS
9.7AI Score
0.06EPSS
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in.....
8.2CVSS
6.1AI Score
0.001EPSS
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to...
7.5CVSS
7.8AI Score
0.001EPSS
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases...
9.8CVSS
9.4AI Score
0.005EPSS
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to...
8.1CVSS
8.4AI Score
0.002EPSS
Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on...
7.5CVSS
7.5AI Score
0.003EPSS
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service...
8.8CVSS
8.6AI Score
0.001EPSS
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors......
9.8CVSS
10AI Score
0.002EPSS
On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitutes an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured....
7.5CVSS
5.7AI Score
0.001EPSS
A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1...
9.8CVSS
9.7AI Score
0.006EPSS