16 matches found
CVE-2015-7755
CVE-2015-7755 affects Juniper ScreenOS: multiple releases (6.2.0r15–6.2.0r18; 6.3.0r12–6.3.0r21) allow an unauthorized remote attacker to gain administrative access by entering an unspecified password during SSH or Telnet. The issue is an improper authentication vulnerability (CVE-2015-7755) with...
CVE-2015-7754
CVE-2015-7754 affects Juniper ScreenOS before version 6.3.0r21 where ssh-pka is configured; an unauthenticated, remote attacker can cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiations. CVSS metrics indicate high impact (v3 base 8.1, High; v2 base 9.3, H...
CVE-2015-7756
VPN decryption vulnerability in Juniper ScreenOS (CVE-2015-7756) affects 6.2.0r15–6.2.0r18 and 6.3.0r12–6.3.0r20; encryption implementation allows a knowledgeable attacker monitoring ciphertext data to decrypt VPN traffic. Impact: confidentiality of VPN sessions can be compromised. No detection m...
CVE-2018-0014
Summary: CVE-2018-0014 is an Etherleak-related information disclosure in Juniper ScreenOS. Affected products/versions: Juniper ScreenOS prior to 6.3.0r25 (all versions affected before the fixed release). Root cause: Ethernet frames are not padded with zeros, causing fragments of system memory or ...
CVE-2017-2335
Juniper ScreenOS XSS vulnerability CVE-2017-2335 affects ScreenOS on Juniper SSG Series devices (Firewall+VPN) prior to 6.3.0r24. Affected component is the NetScreen WebUI where a user with the security role can inject HTML/JavaScript into other users’ management sessions, potentially gaining an ...
CVE-2013-6958
CVE-2013-6958 affects Juniper ScreenOS/NetScreen Firewall: Ping of Death screen disabled in ScreenOS 5.4, 6.2, or 6.3 allows remote attackers to cause a denial-of-service via a crafted packet. Affected versions include ScreenOS 5.4, 6.2, 6.3; the vulnerability stems from how ICMP echo requests ar...
CVE-2014-2842
CVE-2014-2842 affects Juniper ScreenOS 6.3 and earlier. A remote unauthenticated attacker can send malformed SSL/TLS packets to trigger a denial of service, causing the firewall to crash or failover (as described across NVD, CERT/KB, and Nessus entries). The base CVSS v2 score is 7.8 (HIGH) with ...
CVE-2017-2339
The CVE-2017-2339 issue concerns a persistent cross-site scripting (XSS) vulnerability in Juniper Networks ScreenOS, specifically within the NetScreen WebUI of the ScreenOS-based NetScreen Firewall+VPN. The vulnerability allows a user with the security role to inject HTML/JavaScript into other us...
CVE-2013-7313
CVE-2013-7313 affects the OSPF implementation in Juniper Junos (through 13.x, JunosE) and ScreenOS (through 6.3.x). The issue arises from not considering duplicate Link State ID values in Link State Advertisements (LSAs) when updating the LSA database, enabling remote attackers to cause routing d...
CVE-2016-1268
The CVE refers to Juniper ScreenOS, affected in versions before 6.3.0r21, where the administrative web services interface is vulnerable to a denial-of-service via a crafted SSL/TLS packet. The issue can cause a reboot or loss of administrative access and is exploitable remotely without authentica...
CVE-2017-2336
CVE-2017-2336 is a reflected cross-site scripting vulnerability in Juniper ScreenOS (NetScreen Firewall+VPN) affecting ScreenOS 6.3.x prior to 6.3.0r24 on SSG Series. The issue allows a network-based attacker to inject HTML/JavaScript into a management session of other users, including administra...
CVE-2014-3814
CVE-2014-3814 affects Juniper ScreenOS NetScreen Firewall devices (pre-6.3r17) with the internal DNS lookup client. A remote attacker can cause a denial of service (crash/reboot) by sending a sequence of malformed packets to the device IP, exploiting a DNS lookup handling flaw. Evidence in connec...
CVE-2017-2337
CVE-2017-2337 concerns a persistent XSS flaw in Juniper Networks ScreenOS, affecting the NetScreen/WebUI of SSG Series devices. The issue allows a user with the 'security' role to inject HTML/JavaScript into another user’s management session, including administrators, effectively enabling command...
CVE-2017-2338
CVE-2017-2338 describes a persistent cross-site scripting (XSS) vulnerability in Juniper Networks ScreenOS WebUI used by NetScreen Firewall+VPN. A user with the security role can inject HTML/JavaScript into other users’ management sessions, potentially granting the attacker the ability to execute...
CVE-2015-7750
CVE-2015-7750 affects Juniper ScreenOS/Netscreen L2TP packet processing. Affected products/versions: ScreenOS prior to 6.3.0r20 (specifically before 6.3.0r13-dnd1, 6.3.0r14–6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19). Description from connected docs shows a remote attacker can cause a denial of ...
CVE-2014-3813
CVE-2014-3813 affects Juniper ScreenOS (NetScreen Firewall) versions prior to 6.3.0r17, where the built-in DNS lookup client is vulnerable. The DoS can be triggered remotely, causing the device to crash or reboot via DNS lookup vectors. Evidence sources: Tenable plugin for ScreenOS 6.3