Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
JuniperJunos14.1x53

14 matches found

CVE
CVEadded 2020/05/04 10:15 a.m.976 views

CVE-2020-1631

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerabi...

9.8CVSS9.7AI score0.05639EPSS
CVE
CVEadded 2020/02/28 11:15 p.m.122 views

CVE-2015-3006

On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for s...

6.8CVSS6.6AI score0.00123EPSS
CVE
CVEadded 2020/01/15 9:15 a.m.58 views

CVE-2020-1606

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue ...

8.1CVSS6.5AI score0.00319EPSS
CVE
CVEadded 2020/04/08 8:15 p.m.51 views

CVE-2020-1618

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “reques...

6.9CVSS6.6AI score0.0004EPSS
CVE
CVEadded 2020/02/11 5:15 p.m.45 views

CVE-2014-6447

Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 bef...

7.1CVSS6.7AI score0.00475EPSS
CVE
CVEadded 2020/07/17 7:15 p.m.45 views

CVE-2020-1643

Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By con...

5.5CVSS5.6AI score0.00139EPSS
CVE
CVEadded 2020/04/08 8:15 p.m.44 views

CVE-2020-1613

A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that o...

8.6CVSS7.7AI score0.00453EPSS
CVE
CVEadded 2020/04/08 8:15 p.m.43 views

CVE-2020-1628

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leadin...

5.3CVSS5.1AI score0.00382EPSS
CVE
CVEadded 2020/04/08 8:15 p.m.43 views

CVE-2020-1639

When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper...

7.5CVSS7.5AI score0.00536EPSS
CVE
CVEadded 2020/01/15 9:15 a.m.42 views

CVE-2020-1607

Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 ver...

7.5CVSS6.3AI score0.00336EPSS
CVE
CVEadded 2020/01/15 9:15 a.m.41 views

CVE-2020-1604

On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). This issue does ...

6.5CVSS6.1AI score0.00244EPSS
CVE
CVEadded 2020/10/16 9:15 p.m.37 views

CVE-2020-1656

The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing an attacker to pote...

8.8CVSS9AI score0.00447EPSS
CVE
CVEadded 2020/04/08 8:15 p.m.36 views

CVE-2020-1630

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. Thi...

5.5CVSS5.4AI score0.0003EPSS
CVE
CVEadded 2020/10/16 9:15 p.m.34 views

CVE-2020-1661

On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forwar...

5.3CVSS5.3AI score0.00268EPSS