Lucene search

K
JuniperJunos12.3x48

19 matches found

CVE
CVE
added 2020/05/04 10:15 a.m.976 views

CVE-2020-1631

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerabi...

9.8CVSS9.7AI score0.05639EPSS
CVE
CVE
added 2020/03/06 3:15 p.m.649 views

CVE-2020-10188

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

10CVSS9.9AI score0.11181EPSS
CVE
CVE
added 2020/02/28 11:15 p.m.143 views

CVE-2015-5361

Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extens...

6.5CVSS6.3AI score0.00146EPSS
CVE
CVE
added 2020/10/16 9:15 p.m.85 views

CVE-2020-1684

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusio...

7.5CVSS7.5AI score0.00389EPSS
CVE
CVE
added 2020/01/15 9:15 a.m.58 views

CVE-2020-1606

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue ...

8.1CVSS6.5AI score0.00319EPSS
CVE
CVE
added 2020/04/08 8:15 p.m.54 views

CVE-2020-1637

A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP addr...

7.2CVSS6.6AI score0.00186EPSS
CVE
CVE
added 2020/10/16 9:15 p.m.54 views

CVE-2020-1657

On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of the...

7.5CVSS7.5AI score0.00389EPSS
CVE
CVE
added 2020/10/16 9:15 p.m.50 views

CVE-2020-1688

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an at...

6.5CVSS6.4AI score0.00054EPSS
CVE
CVE
added 2020/02/11 5:15 p.m.45 views

CVE-2014-6447

Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 bef...

7.1CVSS6.7AI score0.00475EPSS
CVE
CVE
added 2020/07/17 7:15 p.m.45 views

CVE-2020-1643

Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By con...

5.5CVSS5.6AI score0.00139EPSS
CVE
CVE
added 2020/04/08 8:15 p.m.44 views

CVE-2020-1613

A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that o...

8.6CVSS7.7AI score0.00453EPSS
CVE
CVE
added 2020/01/15 9:15 a.m.43 views

CVE-2020-1600

In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condit...

6.8CVSS6.7AI score0.00222EPSS
CVE
CVE
added 2020/04/08 8:15 p.m.43 views

CVE-2020-1639

When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper...

7.5CVSS7.5AI score0.00536EPSS
CVE
CVE
added 2020/01/15 9:15 a.m.42 views

CVE-2020-1607

Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 ver...

7.5CVSS6.3AI score0.00336EPSS
CVE
CVE
added 2020/04/08 8:15 p.m.42 views

CVE-2020-1634

On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue...

7.5CVSS7.5AI score0.0054EPSS
CVE
CVE
added 2020/10/16 9:15 p.m.37 views

CVE-2020-1656

The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing an attacker to pote...

8.8CVSS9AI score0.00447EPSS
CVE
CVE
added 2020/04/08 8:15 p.m.36 views

CVE-2020-1630

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. Thi...

5.5CVSS5.4AI score0.0003EPSS
CVE
CVE
added 2020/07/17 7:15 p.m.35 views

CVE-2020-1641

A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP c...

6.5CVSS6.4AI score0.00063EPSS
CVE
CVE
added 2020/10/16 9:15 p.m.34 views

CVE-2020-1661

On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forwar...

5.3CVSS5.3AI score0.00268EPSS