231 matches found
CVE-2023-36838
CVE-2023-36838 affects Juniper Networks Junos OS on SRX Series, with an out-of-bounds read in the flow processing daemon (flowd) that a local, authenticated, low-privilege attacker can exploit by issuing a specific CLI command to crash flowd and cause a DoS. The vulnerability can produce a core d...
CVE-2024-21606
CVE-2024-21606 affects Juniper Networks Junos OS on SRX Series with a Double Free vulnerability in the flowd daemon . In a remote-access VPN, if a tcp-encap-profile is configured and a sequence of specific packets is received, a flowd crash and restart can occur, caused by a faulty free operation...
CVE-2024-39526
CVE-2024-39526 affects Junos OS on MX Series (MPC10/MPC11/LC9600), EX9200 (EX9200-15C), MX304, and Junos OS Evolved on PTX Series. The issue is an improper handling of exceptional conditions in DHCP packet processing; when DHCP snooping is enabled, malformed DHCP packets can cause ingress process...
CVE-2024-39527
CVE-2024-39527 describes an exposure of sensitive information vulnerability in the CLI of Juniper Networks Junos OS on SRX Series devices. A local, low-privileged user with CLI access can view protected files on the file system through crafted CLI commands, enabling information disclosure as desc...
CVE-2024-47494
CVE-2024-47494 affects Juniper Networks Junos OS, specifically the AgentD process and related FPC handling. A TOCTOU race condition during telemetry polling can cause AgentD to reaping an already destroyed sensor, leading to memory corruption and a DoS when the FPC crashes. The FPC auto-recovers ...
CVE-2026-21906
CVE-2026-21906 overview (Junos OS SRX Series) A vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series can be triggered by a specific ICMP packet routed through a GRE tunnel when PowerMode IPsec (PMI) and GRE performance acceleration are enabled. An unauthe...
CVE-2024-39555
Summary of vulnerability (CVE-2024-39555): Juniper Networks Junos OS and Junos OS Evolved RPD mishandles certain malformed BGP Update messages when segment routing is enabled, causing session resets and potential DoS. A remote attacker must have at least one established BGP session; affected are ...
CVE-2024-39560
Juniper Junos OS and Junos OS Evolved are affected by CVE-2024-39560 via the routing protocol daemon (rpd). The issue is an improper handling of exceptional conditions that lets a logically adjacent downstream RSVP neighbor induce kernel memory exhaustion and a DoS. Affected ranges include multip...
CVE-2023-36840
Summary (CVE-2023-36840) A reachable-assertion vulnerability in Juniper’s Routing Protocol Daemon (RPD) on Junos OS and Junos OS Evolved can be exploited by a locally authenticated, low-privilege user when running a specific L2VPN command to cause a DoS (RPD crash/restart). Affected products/vers...
CVE-2025-21595
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved can cause an FPC crash and DoS. In EVPN-VXLAN, receiving specific ARP (IPv4) or NDP (IPv6) packets triggers kernel heap memory leaks and event...
CVE-2023-28965
CVE-2023-28965 targets Juniper Networks Junos OS on QFX10002, caused by an improper check/handling in the storm control feature. A high rate of traffic can trigger a sustained DoS as storm control drops packets when thresholds are exceeded. Affected versions include: 19.3R3-S7 and earlier; 19.4R3...
CVE-2024-39545
The CVE describes an Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS iked (on SRX Series, MX Series with SPC3, and NFX350), where unauthenticated network-based attackers can trigger an iked crash during IPsec negotiations by sending specific mismatching parameter...
CVE-2024-47491
Summary: CVE-2024-47491 affects Juniper Networks Junos OS and Junos OS Evolved. A network-based, unauthenticated attacker can cause a DoS by sending a BGP UPDATE with a malformed path attribute to an established BGP session; the Routing Protocol Daemon (rpd) crashes and restarts, potentially lead...
CVE-2023-28963
Summary: CVE-2023-28963 is an Improper Authentication vulnerability in cert-mgmt.php of Juniper Networks Junos OS J-Web component. An unauthenticated, network-based attacker can read arbitrary files from temporary folders on affected devices. Affected software: Juniper Networks Junos OS running J...
CVE-2024-21607
Concrete details available: Juniper Junos OS on MX Series and EX9200 Series is affected by CVE-2024-21607 due to a kernel-filter payload-protocol handling issue in IPv6 firewall filters. The root cause is that the payload-protocol match is not supported in the kernel filter, causing terms to acce...
CVE-2024-47507
CVE-2024-47507 affects Junos OS and Junos OS Evolved. The issue is in the routing protocol daemon (rpd): when a BGP update carries an aggregator attribute with an ASN value of zero, rpd accepts and propagates it, causing potential integrity impacts on downstream peers. Affected versions include: ...
CVE-2023-36832
Summary: CVE-2023-36832 is an Improper Handling of Exceptional Conditions in Junos OS on MX Series, where unauthenticated attackers can send packets to the AMS interface to crash the PFE and cause DoS. Affected products/versions (MX Series Junos OS): all prior to 19.1R3-S10; 19.2 prior to 19.2R3-...
CVE-2024-47501
CVE-2024-47501 involves a NULL pointer dereference in the packet forwarding engine (pfe) of Juniper Networks Junos OS. A locally authenticated attacker with low privileges can trigger a DoS by executing specific show commands in VPLS or Junos Fusion, causing all FPCs hosting VPLS sessions or sate...
CVE-2023-44192
CVE-2023-44192 : In Juniper Networks Junos OS QFX5000 Series, the vulnerability affects the Packet Forwarding Engine where improper input validation enables an unauthenticated, network-based attacker to trigger a DMA memory leak, causing a DoS. The issue is observed when pseudo-VTEP is configured...
CVE-2024-39536
CVE-2024-39536 concerns Juniper Networks Junos OS and Junos OS Evolved. A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). The leak is triggered when a B...
CVE-2024-47493
CVE-2024-47493 affects Junos OS on MX Series with Trio-based FPCs. The vulnerability is a Missing Release of Memory after Effective Lifetime in the PFE, causing a heap memory leak during channelized MIC interface flap activity and potentially leading to DoS for unauthenticated adjacent attackers....
CVE-2024-47499
CVE-2024-47499 affects Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated, network-based attacker can trigger a DoS by sending a malformed AS PATH attribute over an established BGP session in BMP rib-in pre-policy monitoring, causing the RPD to crash and restart. The issue affects...
CVE-2025-52989
CVE-2025-52989 describes an Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved. A local, authenticated attacker with high privileges can exploit a specially crafted annotate configuration command to modify any part of the device configu...
CVE-2026-21905
CVE-2026-21905 affects Juniper Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC. The vulnerability is a loop with an unreachable exit condition in the SIP application layer gateway (ALG) that can be triggered by processing multiple SIP messages over TCP. This causes the flow management...
CVE-2025-6549
CVE-2025-6549 (Junos OS SRX, J-Web exposure) is an Incorrect Authorization vulnerability in the web server that can allow an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). It arises when Juniper Secure Connect (JSC) is enabled on specific interfaces or mu...
CVE-2026-33793
CVE-2026-33793 describes an Execution with Unnecessary Privileges in the Junos OS/Junos OS Evolved UI. If a device has a configuration that allows unsigned Python op scripts, a non-root user can run malicious op scripts and escalate to root-equivalent privileges, compromising the system. Affected...
CVE-2026-33778
CVE-2026-33778 affects Junos OS on SRX Series and MX Series. The vulnerability is in the IPsec library used by kmd/iked, where processing a specifically malformed first ISAKMP packet can cause the kmd/iked process to crash and restart. This results in a momentary inability to establish new securi...
CVE-2025-52951
CVE-2025-52951 describes a Protection Mechanism Failure in Juniper Networks Junos OS where kernel filter processing mishandles the payload-protocol match, causing firewall terms to effectively accept all traffic destined for the control plane IPv6 traffic. Affected Junos OS versions include all p...
CVE-2025-52958
Summary of CVE-2025-52958 : A Reachable Assertion in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved can cause an adjacent, unauthenticated attacker to trigger a DoS. The issue occurs when route validation is enabled and a rare condition during BGP initial sess...
CVE-2025-52988
The CVE-2025-52988 issue is a local OS command injection in the CLI of Juniper Networks Junos OS and Junos OS Evolved. The underlying flaw allows a high-privilege attacker to execute commands as root when crafting arguments to the command 'request system logout', enabling complete device compromi...
CVE-2026-33774
CVE-2026-33774 affects Junos OS on Juniper MX Series (MPC10/11, LC4800/LC9600 line cards and MX304). An improper check allows an unauthenticated, network-based attacker to bypass firewall filters applied to loopback interfaces lo0.n (n != 0) that are in the default routing instance, enabling pote...
CVE-2025-52960
CVE-2025-52960 affects Juniper Networks Junos OS on SRX Series and MX Series, caused by a Buffer Copy without Checking Size in the SIP ALG (flowd/mspmand). The underlying issue occurs when memory utilization is high and specific SIP packets arrive, crashing the flowd process and causing a DoS; th...
CVE-2026-21910
CVE-2026-21910 affects Junos OS on EX4k Series and QFX5k Series with EVPN-VXLAN LAG/VPLAG. An unauthenticated, network-adjacent attacker can trigger a link flap, which in configurations with multiple load-balanced next-hops can cause Inter-VNI traffic to drop, resulting in DoS. Recovery requires ...
CVE-2026-33791
CVE-2026-33791 affects Junos OS and Junos OS Evolved. The vulnerability lies in the CLI processing of certain crafted set system commands, where arguments are not properly sanitized, enabling an attacker with local, high privileges to inject arbitrary shell commands that execute as root. This can...
CVE-2026-21916
CVE-2026-21916 is a local privilege-escalation vulnerability in Juniper Networks Junos OS CLI via UNIX Symlink Following. It permits a low-privilege, authenticated attacker to escalate to root after performing a specific file link CLI operation and later when another user commits unrelated config...
CVE-2026-57026
CVE-2026-57026 affects Junos OS on MX Series with SPC3 and SRX Series . The issue is an Improp er Validation of Syntactic Correctness of Input in the SIP plugin, enabling an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) . When the SIP ALG is enabled, processing a malf...
CVE-2025-52983
CVE-2025-52983 describes a UI discrepancy in Junos OS on VM Host systems (VM Host Routing Engines) that allows a network-based, unauthenticated attacker to access the device. On REs, even after removing the public key for root login, users with the corresponding private key can still log in as ro...
CVE-2025-52953
CVE-2025-52953 affects Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated adjacent attacker can send a valid BGP UPDATE, causing a BGP session reset and a sustained DoS. Affected releases include: Junos OS before 21.2R3-S9; 21.4 before 21.4R3-S11; 22.2 before 22.2R3-S7; 22.4 befor...
CVE-2025-52955
CVE-2025-52955 describes an Incorrect Calculation of Buffer Size in Juniper Networks Junos OS and Junos OS Evolved rpd when jflow/sflow updates are sent as a routing instance’s logical interface flaps. The issue can cause memory corruption, leading to an rpd crash and restart, with sustained DoS ...
CVE-2026-21914
CVE-2026-21914 describes an Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series. A specially crafted GTP Modify Bearer Request can cause a lock to be acquired and never released, preventing other threads from acquiring it, triggering a watchdog timeout and ...
CVE-2026-33779
The CVE concerns Junos OS on SRX Series failing to properly verify the server certificate when provisioning to Security Director cloud, enabling a PITM to intercept traffic and access credentials and sensitive data. Affected Junos OS versions include all before 22.4R3-S9, 23.2 before 23.2R2-S6, 2...
CVE-2025-59957
CVE-2025-59957 affects Juniper Networks Junos OS on EX4600 Series and QFX5000 Series switches. Affected versions: all prior to 21.4R3 and 22.2 prior to 22.2R3-S3. The vulnerability is a runtime/Origin Validation Error in an insufficient protected file , allowing an unauthenticated attacker with p...
CVE-2025-60003
CVE-2025-60003 affects Juniper Networks Junos OS and Junos OS Evolved. A Buffer Over-read in the routing protocol daemon (rpd) can be triggered by a BGP update containing specific optional transitive attributes when peers are not 4-byte-AS capable, causing the rpd process to crash and the device ...
CVE-2026-0203
CVE-2026-0203 affecting Juniper Networks Junos OS —An Improper Handling of Exceptional Conditions vulnerability in packet processing can be exploited by an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP (IPv4) packet. This causes the Flexible Packet Processor (FP...
CVE-2026-33775
CVE-2026-33775 describes a memory leak (Missing Release of Memory after Effective Lifetime) in Juniper Junos OS MX Series bbe-smgd that can be triggered by a mismatch between configured and received packet types. An adjacent, unauthenticated attacker may cause a DoS by exhausting heap memory, aft...
CVE-2025-52964
CVE-2025-52964 is a Reachable Assertion vulnerability in Juniper Networks Junos OS and Junos OS Evolved rpd. An unauthenticated, network-based attacker can trigger a crash by sending a specific BGP UPDATE packet when BGP multipath pause-computation-during-churn is configured, leading to a sustain...
CVE-2025-52986
Summary: CVE-2025-52986 is a memory leak in Juniper Networks Junos OS and Junos OS Evolved’s routing protocol daemon (rpd) triggered when RIB sharding is enabled and a user runs certain routing-related show commands. The leak can exhaust memory, causing rpd to crash and restart, impacting device ...
CVE-2025-52981
CVE-2025-52981 affects Juniper JUNOS OS flowd on SRX1600/SRX2300/SRX4000/SRX5000 (with SPC3). A sequence of specific PIM multicast packets can cause an unauthenticated network-based attacker to crash flowd and restart, resulting in DoS. Vulnerable versions include all before 21.2R3-S9, 21.4 befor...
CVE-2025-52982
Juniper Junos OS MX Series with MS-MPC SIP ALG is affected. When two or more SIP-processing service sets run, an improper resource shutdown can cause the MS-MPC to crash and restart, enabling unauthenticated network-based DoS. Affected versions: all before 21.2R3-S9; 21.4 from 21.4R1; 22.2 before...
CVE-2025-52946
CVE-2025-52946 is a Use After Free in Juniper Junos OS and Junos OS Evolved rpd triggered by a BGP update containing a specifically malformed AS PATH, causing the rpd process to crash and restart and resulting in DoS when traceoptions are enabled. Affected: Junos OS and Junos OS Evolved across mu...