Juniper Junos OS Evolved

239 matches found

added 2022/07/20 2:15 p.m. | 906 views

CVE-2022-22215

CVE-2022-22215 describes a Denial of Service in Junos OS and Junos OS Evolved due to a missing release of file descriptors/handles after a gRPC connection ends. The root cause is that /var/run/.env files may not be deleted when a gRPC session terminates, potentially exhausting inodes. Affected pr...

6.5 CVSS | 5.8 AI score | 0.00543 EPSS

added 2021/07/15 8:1 p.m. | 215 views

CVE-2021-0286

CVE-2021-0286 affects Juniper Networks Junos OS Evolved (EVO). A vulnerability in handling of exceptional conditions can be triggered by specially crafted packets, causing the evo-aftmand-bt or evo-aftmand-zx process to crash and restart, which disrupts all traffic through the FPC and leads to a ...

7.8 CVSS | 7.5 AI score | 0.01056 EPSS

added 2023/01/12 12:0 a.m. | 206 views

CVE-2023-22402

CVE-2023-22402 is a Use After Free in the Junos OS Evolved kernel that can cause a Denial of Service in NSR when a BGP neighbor flap occurs while bgp auto-discovery is enabled. Affected: Juniper Junos OS Evolved 21.3 before 21.3R3-EVO; 21.4 before 21.4R2-EVO; 22.1 before 22.1R2-EVO; 22.2 before 2...

5.9 CVSS | 5.6 AI score | 0.00521 EPSS

added 2023/10/12 10:56 p.m. | 124 views

CVE-2023-36839

The CVE-2023-36839 issue affects Juniper Networks Junos OS and Junos OS Evolved. Affected component: Layer-2 control protocols daemon (l2cpd). Root cause: Improper validation of specified quantity in input, triggered by specific LLDP packets from an unauthenticated adjacent attacker, leading to a...

6.5 CVSS | 6.5 AI score | 0.0027 EPSS

added 2021/07/15 8:1 p.m. | 110 views

CVE-2021-0291

CVE-2021-0291 affects Juniper Networks Junos OS and Junos OS Evolved. The vulnerability is an Exposure of System Data where a network-based, unauthenticated attacker can send traffic that partially reaches a sensitive system resource, potentially causing partial DoS through elevated CPU on the RE...

6.5 CVSS | 6.2 AI score | 0.01008 EPSS

added 2023/10/12 10:59 p.m. | 109 views

CVE-2023-44175

CVE-2023-44175 affects Junos OS and Junos OS Evolved. A Reachable Assertion in the routing protocol daemon (rpd) can be triggered by specific genuine PIM packets, causing rpd to crash and leading to a Denial of Service. The impact is a sustained DoS, with exploitation described as dependent on re...

7.5 CVSS | 6.8 AI score | 0.00515 EPSS

added 2021/01/15 5:35 p.m. | 108 views

CVE-2021-0211

CVE-2021-0211 describes an improper check in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) that allows an attacker to inject a valid BGP FlowSpec message, causing unexpected changes to route advertisements in the BGP FlowSpec domain and leading to a DoS condition. A...

10 CVSS | 9.4 AI score | 0.01317 EPSS

added 2023/08/31 11:46 p.m. | 105 views

CVE-2023-4481

CVE-2023-4481 describes an improper input validation in Juniper’s Routing Protocol Daemon (rpd) for Junos OS and Junos OS Evolved. A remote, unauthenticated attacker can cause a DoS by sending crafted BGP UPDATE messages over an existing BGP session; the impact can be sustained as updates are pro...

7.5 CVSS | 7.5 AI score | 0.15143 EPSS

added 2024/04/12 2:53 p.m. | 105 views

CVE-2024-21590

CVE-2024-21590 describes an improper input validation in Juniper Tunnel Driver (jtd) and the ICMP module of Junos OS Evolved that allows an unauthenticated attacker within the MPLS domain to send crafted MPLS IPv4 packets to the Routing Engine, potentially causing a Denial of Service (DoS). Affec...

7.1 CVSS | 6.8 AI score | 0.00365 EPSS

added 2024/01/12 12:56 a.m. | 105 views

CVE-2024-21614

Summary: CVE-2024-21614 affects Juniper Networks Junos OS and Junos OS Evolved. The issue is an improper check for unusual or exceptional conditions in the Routing Protocol Daemon (RPD). When NETCONF and gRPC are enabled and a specific Dynamic Rendering (DREND) query is executed, RPD crashes and ...

7.5 CVSS | 7.6 AI score | 0.00695 EPSS

added 2024/04/12 2:54 p.m. | 104 views

CVE-2024-21598

CVE-2024-21598 affects Juniper Networks Junos OS and Junos OS Evolved, where the Routing Protocol Daemon (rpd) crashes and restarts when receiving a BGP update containing a malformed TLV in a tunnel encapsulation attribute. This is due to improper validation of syntactic correctness of input. Imp...

8.7 CVSS | 6.8 AI score | 0.00571 EPSS

added 2024/04/12 3:7 p.m. | 97 views

CVE-2024-30395

CVE-2024-30395 describes an improper validation of a BGP tunnel encapsulation attribute in Junos OS and Junos OS Evolved RPD, leading to an unauthenticated, network-based DoS. A BGP update containing a specifically malformed TLV can cause Routing Protocol Daemon (rpd) to crash and restart. Affect...

8.7 CVSS | 6.8 AI score | 0.00544 EPSS

added 2022/04/14 3:50 p.m. | 96 views

CVE-2022-22183

The CVE-2022-22183 issue affects Juniper Networks Junos OS Evolved (not Junos OS). It is an improper access control vulnerability allowing a remote, unauthenticated attacker to connect to a specific open IPv4 port and cause the CPU to exhaust resources with more traffic, creating a sustained DoS....

7.8 CVSS | 7.5 AI score | 0.00993 EPSS

added 2024/04/12 3:23 p.m. | 96 views

CVE-2024-30386

CVE-2024-30386 is a Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved. In EVPN-VXLAN deployments, state updates processed by adjacent systems may flow in an unsafe order, causing l2ald to crash and restart, leading to a D...

7.1 CVSS | 6.7 AI score | 0.00267 EPSS

added 2021/01/15 5:35 p.m. | 94 views

CVE-2021-0208

Technical details beyond the initial description are not provided in the connected documents; monitor for updates on CVE-2021-0208 via Juniper/NCSC pages.

8.8 CVSS | 8.6 AI score | 0.0065 EPSS

added 2023/10/12 11:0 p.m. | 94 views

CVE-2023-44176

CVE-2023-44176 is a stack-based buffer overflow in the CLI command processing of Juniper Networks Junos OS. The vulnerability allows a low-privileged attacker to execute specific CLI commands, triggering a Denial of Service with repeated actions potentially sustaining it. Affected Junos OS versio...

5.5 CVSS | 5.8 AI score | 0.00163 EPSS

added 2024/10/11 3:18 p.m. | 93 views

CVE-2024-39534

CVE-2024-39534 affects Junos OS Evolved. An incorrect comparison in the local address verification API allows an unauthenticated, network-adjacent attacker to create sessions or send traffic using the subnet’s network and broadcast addresses, bypassing certain controls such as stateless firewall ...

5.4 CVSS | 5.5 AI score | 0.00639 EPSS

added 2023/06/21 12:0 a.m. | 92 views

CVE-2023-0026

The CVE-2023-0026 issue is a DoS in Juniper Networks Junos OS and Junos OS Evolved caused by improper input validation in the Routing Protocol Daemon (rpd). A remote, unauthenticated attacker can tear down a BGP session by sending an established-session BGP update containing a specific optional t...

7.5 CVSS | 7.4 AI score | 0.00645 EPSS

added 2024/04/12 3:27 p.m. | 91 views

CVE-2024-30402

Summary of CVE-2024-30402 (Juniper Junos OS / Junos OS Evolved): The vulnerability stems from an improper check for unusual or exceptional conditions in the Layer 2 Address Learning Daemon (l2ald). When telemetry requests are received and the Dynamic Rendering Daemon (drend) is suspended, l2ald c...

8.2 CVSS | 6.8 AI score | 0.00522 EPSS

added 2024/04/12 2:55 p.m. | 90 views

CVE-2024-21615

CVE-2024-21615 concerns Juniper Networks Junos OS and Junos OS Evolved. The root cause is an Incorrect Default Privileges condition that, when NETCONF traceoptions are configured, can allow a local, low-privileged user to access confidential information after a super-user performs certain NETCONF...

5.1 CVSS | 6.3 AI score | 0.00152 EPSS

added 2021/10/19 6:16 p.m. | 89 views

CVE-2021-31362

The CVE-2021-31362 issue is a Protection Mechanism Failure in Juniper Networks Junos OS and Junos OS Evolved RPD (routing protocol daemon). An adjacent unauthenticated attacker can disable established IS-IS adjacencies by sending a spoofed hello PDU, causing an immediate DoS with sustained impact...

6.5 CVSS | 6.4 AI score | 0.00409 EPSS

added 2022/04/14 3:50 p.m. | 89 views

CVE-2022-22196

CVE-2022-22196 affects Juniper Junos OS and Junos OS Evolved, in Routing Protocol Daemon (rpd). An adjacent, unauthenticated attacker with an ISIS adjacency can cause DoS by sending a malformed ISIS TLV, causing rpd CPU to spike to 100% and disrupt routing updates. Affected versions are: Junos OS...

6.5 CVSS | 6.5 AI score | 0.0037 EPSS

added 2022/04/14 3:50 p.m. | 87 views

CVE-2022-22195

CVE-2022-22195 describes an Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved. An unauthenticated, network-based attacker can trigger a counter overflow, resulting in a Denial of Service (DoS). Affected: Junos OS Evolved — all versions before 20.4...

7.8 CVSS | 7.4 AI score | 0.01015 EPSS

added 2023/10/11 8:8 p.m. | 87 views

CVE-2023-44186

CVE-2023-44186 concerns Juniper Networks Junos OS and Junos OS Evolved. The issue is an Improper Handling of Exceptional Conditions in AS PATH processing that allows a BGP update with a very long AS PATH of 4-byte ASes to trigger a Denial of Service when NSR is enabled and advertising to a non-4-...

7.5 CVSS | 7.4 AI score | 0.00538 EPSS

added 2024/04/16 8:4 p.m. | 87 views

CVE-2024-30380

CVE-2024-30380 affects Junos OS and Junos OS Evolved. An adjacent, unauthenticated attacker can trigger a DoS by sending a specific TLV that crashes the l2cpd process, reinitializing STP/RSTP/MSTP/VSTP, MVRP and ERP. Affected versions are: Junos OS: before 20.4R3-S9; 21.2 before 21.2R3-S7; 21.3 b...

7.1 CVSS | 6.8 AI score | 0.00309 EPSS

added 2020/04/15 8:20 p.m. | 85 views

CVE-2020-1632

CVE-2020-1632 describes a DoS in Juniper Junos OS and Junos OS Evolved where receipt of a crafted BGP UPDATE can cause peers to terminate sessions by advertising an invalid UPDATE, particularly when at least one BGP session does not support RFC 4893 4-byte AS. Affected software ranges across many...

8.6 CVSS | 8.6 AI score | 0.01062 EPSS

added 2025/01/09 4:49 p.m. | 85 views

CVE-2025-21602

CVE-2025-21602 affects Juniper Networks Junos OS and Junos OS Evolved. The issue is an improper handling of exceptional conditions in the routing protocol daemon (rpd), allowing an unauthenticated adjacent attacker to send a specific BGP update packet that causes rpd to crash and restart, resulti...

7.1 CVSS | 6.5 AI score | 0.00231 EPSS

added 2024/04/12 3:28 p.m. | 84 views

CVE-2024-30403

Summary of CVE-2024-30403 (Junos OS Evolved): A NULL pointer dereference in the Packet Forwarding Engine (PFE) allows an unauthenticated, adjacent attacker to cause a Denial of Service when MAC learning occurs on a logical interface and the interface flaps, triggering an evo-aftmand-bt core crash...

7.1 CVSS | 6.7 AI score | 0.00276 EPSS

added 2022/01/19 12:21 a.m. | 83 views

CVE-2022-22164

The CVE describes an Improper Initialization in Juniper Networks Junos OS Evolved where a commit operation to disable Telnet does not take effect, leaving Telnet enabled. Affected are Junos OS Evolved releases prior to 20.4R2-S2-EVO; 21.1 (21.1R1-EVO) and later; and 21.2 releases prior to 21.2R2-...

6.5 CVSS | 5.6 AI score | 0.00702 EPSS

added 2022/01/19 12:21 a.m. | 83 views

CVE-2022-22172

CVE-2022-22172 describes a memory leak in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated adjacent attacker can exploit specific LLDP packets to trigger memory exhaustion, causing a DoS. Impact includes potential STP re-convergence a...

6.5 CVSS | 6.5 AI score | 0.00369 EPSS

added 2024/04/12 2:55 p.m. | 83 views

CVE-2024-21618

CVE-2024-21618 affects Juniper Junos OS and Junos OS Evolved, where receiving a malformed LLDP packet on an interface with LLDP enabled can trigger an Access of Memory Location After End of Buffer in the Layer-2 Control Protocols Daemon (l2cpd). This causes l2cpd to crash and restart, reinitializ...

7.1 CVSS | 6.8 AI score | 0.00296 EPSS

added 2024/04/12 3:4 p.m. | 83 views

CVE-2024-30406

CVE-2024-30406 affects Juniper Networks Junos OS Evolved ACX Series devices running Paragon Active Assurance Test Agent. The issue is a Cleartext Storage in a File on Disk vulnerability that allows a local, authenticated attacker with high privileges to read other users’ credentials due to unencr...

6.7 CVSS | 6.5 AI score | 0.00136 EPSS

added 2024/04/12 3:3 p.m. | 83 views

CVE-2024-30409

Vulnerability (CVE-2024-30409) in Juniper Networks Junos OS and Junos OS Evolved telemetry processing can crash the forwarding information base telemetry daemon (fibtd) via an improper check for unusual or exceptional conditions. A network-based authenticated attacker can cause a limited Denial of...

6.9 CVSS | 6.4 AI score | 0.00478 EPSS

added 2024/07/11 4:27 p.m. | 83 views

CVE-2024-39549

CVE-2024-39549 affects Junos OS and Junos OS Evolved. A crafted BGP Path attribute update can trigger a Missing Release of Memory after Effective Lifetime in the routing process daemon (rpd), causing memory to be allocated but not freed in all paths and leading to a DoS. Impact is memory exhausti...

8.7 CVSS | 7.5 AI score | 0.00466 EPSS

added 2022/04/14 3:50 p.m. | 82 views

CVE-2022-22193

CVE-2022-22193 affects Juniper Networks Junos OS and Junos OS Evolved. A local, low-privilege attacker can trigger an Improper Handling of Unexpected Data Type in the Routing Protocol Daemon (rpd), potentially causing a DoS. In a BGP rib-sharding scenario, executing a specific CLI command may cra...

5.5 CVSS | 5.5 AI score | 0.00224 EPSS

added 2025/01/09 6:16 p.m. | 82 views

CVE-2025-21598

CVE-2025-21598 is an out-of-bounds read vulnerability in the routing protocol daemon (rpd) of Junos OS and Junos OS Evolved. An unauthenticated, network-based attacker can send malformed BGP packets to a device with BGP trace options enabled, crashing rpd. Affected ranges include multiple Junos OS and ...

8.2 CVSS | 7.8 AI score | 0.00702 EPSS

added 2021/10/19 6:16 p.m. | 81 views

CVE-2021-31360

Summary: CVE-2021-31360 is a local privilege escalation in Juniper Networks Junos OS and Junos OS Evolved CLI. A low-privileged user can overwrite local files as root, potentially causing system integrity issues or a sustained DoS requiring manual recovery. The issue only affects systems where th...

7.1 CVSS | 6.9 AI score | 0.00201 EPSS

added 2022/04/14 3:50 p.m. | 81 views

CVE-2022-22194

CVE-2022-22194 affects Juniper Networks Junos OS Evolved PTX10003/10004/10008 due to an improper check for unusual or exceptional conditions in the packetIO daemon. An unauthenticated, network-based attacker can cause a sustained denial-of-service by sending crafted packets. Affected versions are...

7.5 CVSS | 7.5 AI score | 0.00965 EPSS

added 2022/04/14 3:50 p.m. | 81 views

CVE-2022-22197

The CVE describes an Operation on a Resource after Expiration or Release vulnerability in Juniper Networks Junos OS and Junos OS Evolved’s Routing Protocol Daemon (rpd). An unauthenticated attacker with an established BGP session can cause a Denial of Service when proxy-generate route-target filt...

7.5 CVSS | 7.5 AI score | 0.01072 EPSS

added 2021/10/19 6:16 p.m. | 80 views

CVE-2021-31363

CVE-2021-31363 affects Juniper Networks Junos OS and Junos OS Evolved. In MPLS P2MP, a Loop with Unreachable Exit Condition in the Routing Protocol Daemon (RPD) allows an unauthenticated adjacent attacker to cause high RPD load and routing protocol flaps. If a system with sensor-based-stats enabl...

6.5 CVSS | 6.4 AI score | 0.00391 EPSS

added 2021/10/19 6:16 p.m. | 79 views

CVE-2021-31350

CVE-2021-31350 affects Juniper Junos OS and Junos OS Evolved via the Juniper Extension Toolkit (JET) gRPC API. The issue stems from jsd authenticating a user and passing configuration operations to mgd (root-owned), enabling network-based, low-privilege attackers to perform root-level operations....

9 CVSS | 8 AI score | 0.00845 EPSS

added 2021/10/19 6:16 p.m. | 79 views

CVE-2021-31354

CVE-2021-31354 affects Juniper Networks Junos OS and Junos OS Evolved when configured in Network Mode with the JAL client. It is an Out Of Bounds (OOB) vulnerability in the client’s packet-parsing logic for responses from the server, potentially allowing partial DoS or remote code execution. Expl...

8.8 CVSS | 8 AI score | 0.00609 EPSS

added 2024/07/11 4:30 p.m. | 79 views

CVE-2024-39552

CVE-2024-39552 affects Juniper Networks Junos OS and Junos OS Evolved: the RPD (routing protocol daemon) crashes when a malformed BGP UPDATE is received over an established BGP session, causing DoS. A network-based, unauthenticated attacker can trigger the crash via IPv4/IPv6 eBGP/iBGP traffic; i...

8.7 CVSS | 7.6 AI score | 0.00593 EPSS

added 2025/02/05 3:31 p.m. | 79 views

CVE-2024-39564

CVE-2024-39564 describes a double-free vulnerability in Juniper’s routing process daemon (rpd) for Junos OS and Junos OS Evolved. A malformed BGP Path attribute update can trigger a memory double-free in the rpd log path, causing the process to crash and resulting in a Denial of Service. Affected...

8.7 CVSS | 6.8 AI score | 0.00387 EPSS

added 2025/04/09 7:56 p.m. | 79 views

CVE-2025-30651

CVE-2025-30651 affects Juniper Networks Junos OS and Junos OS Evolved. A Buffer Access with Incorrect Length Value in the routing protocol daemon (rpd) can be triggered by a specific ICMPv6 packet to an interface configured with protocol router-advertisement, causing rpd to crash and restart and ...

8.7 CVSS | 7.6 AI score | 0.00372 EPSS

added 2026/02/25 4:59 p.m. | 78 views

CVE-2026-21902

CVE-2026-21902 affects Juniper Networks Junos OS Evolved on PTX Series and is an unauthenticated, network-based remote code execution via the On-Box Anomaly Detection framework. The root cause is an incorrect permission assignment that exposes a service intended for internal processes to the exte...

9.8 CVSS | 5.9 AI score | 0.17709 EPSS
In wild | Web

added 2022/01/19 12:21 a.m. | 77 views

CVE-2022-22177

CVE-2022-22177 affects Juniper Networks Junos OS and Junos OS Evolved. The issue is an illegal memory vulnerability in the snmpd daemon that can be triggered by crafted SNMP input, causing the snmpd process to segfault or halt and resulting in a sustained Denial of Service until manual restart. A...

7.5 CVSS | 6.2 AI score | 0.00958 EPSS

added 2022/01/19 12:21 a.m. | 76 views

CVE-2022-22169

CVE-2022-22169 affects Juniper Networks Junos OS and Junos OS Evolved. An improper initialization in the routing protocol daemon (rpd) can cause OSPFv3 to enter graceful-restart GR helper mode when an attacker sends crafted packets in specific order/timing, potentially causing a DoS via a stalled ...

5.9 CVSS | 5.7 AI score | 0.00827 EPSS

added 2022/10/18 2:46 a.m. | 76 views

CVE-2022-22192

CVE-2022-22192 describes an improper validation of input in the kernel of Juniper Networks Junos OS Evolved on PTX series. A network-based, unauthenticated attacker can cause a kernel panic by sending a malformed TCP packet destined to PTX10004/10008/10016, specifically targeting the BGP, LDP, or...

7.5 CVSS | 7.6 AI score | 0.00697 EPSS

added 2021/10/19 6:17 p.m. | 75 views

CVE-2021-31383

CVE-2021-31383 affects Juniper Networks Junos OS and Junos OS Evolved, where in P2MP scenarios the routing protocol daemon (RPD) may crash due to a source-to-destination copy-write operation paired with a stack-based buffer overflow on certain crafted packets. This leads to a DoS that can become ...

7.5 CVSS | 7.7 AI score | 0.00974 EPSS

Total number of security vulnerabilities: 239