OS Evolved
CVEs (248)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-30406 | Med | 0.36 | 5.5 | 0.00 | Apr 12, 2024 | A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users… | ||
| CVE-2023-44177 | Med | 0.36 | 5.5 | 0.00 | Oct 13, 2023 | A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service… | ||
| CVE-2023-36840 | Med | 0.36 | 5.5 | 0.00 | Jul 14, 2023 | A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run,… | ||
| CVE-2023-28980 | Med | 0.36 | 5.5 | 0.00 | Apr 17, 2023 | A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after… | ||
| CVE-2022-22240 | Med | 0.36 | 5.5 | 0.00 | Oct 18, 2022 | An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a… | ||
| CVE-2022-22233 | Med | 0.36 | 5.5 | 0.00 | Oct 18, 2022 | An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label… | ||
| CVE-2022-22193 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2022 | An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command… | ||
| CVE-2020-1624 | Med | 0.36 | 5.5 | 0.00 | Apr 8, 2020 | A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1. | ||
| CVE-2020-1623 | Med | 0.36 | 5.5 | 0.00 | Apr 8, 2020 | A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1. | ||
| CVE-2020-1622 | Med | 0.36 | 5.5 | 0.00 | Apr 8, 2020 | A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1. | ||
| CVE-2020-1621 | Med | 0.36 | 5.5 | 0.00 | Apr 8, 2020 | A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1. | ||
| CVE-2020-1620 | Med | 0.36 | 5.5 | 0.00 | Apr 8, 2020 | A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1. | ||
| CVE-2025-60010 | Med | 0.35 | 5.4 | 0.00 | Oct 9, 2025 | A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by users for whom the RADIUS… | ||
| CVE-2025-60006 | Med | 0.35 | 5.3 | 0.01 | Oct 9, 2025 | Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands. When an attacker… | ||
| CVE-2024-39534 | Med | 0.35 | 5.4 | 0.01 | Oct 11, 2024 | An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned… | ||
| CVE-2023-44195 | Med | 0.35 | 5.4 | 0.00 | Oct 13, 2023 | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If… | ||
| CVE-2022-22177 | Med | 0.35 | 5.3 | 0.01 | Jan 19, 2022 | A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of… | ||
| CVE-2021-0273 | Med | 0.35 | 5.3 | 0.01 | Apr 22, 2021 | An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in… | ||
| CVE-2025-59962 | Med | 0.34 | 5.3 | 0.00 | Oct 9, 2025 | An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the attacker's control, to… | ||
| CVE-2025-52985 | Med | 0.34 | 5.3 | 0.00 | Jul 11, 2025 | A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a… |
- risk 0.36cvss 5.5epss 0.00
A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users…
- risk 0.36cvss 5.5epss 0.00
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service…
- risk 0.36cvss 5.5epss 0.00
A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run,…
- risk 0.36cvss 5.5epss 0.00
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after…
- risk 0.36cvss 5.5epss 0.00
An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a…
- risk 0.36cvss 5.5epss 0.00
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label…
- risk 0.36cvss 5.5epss 0.00
An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command…
- risk 0.36cvss 5.5epss 0.00
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1.
- risk 0.36cvss 5.5epss 0.00
A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1.
- risk 0.36cvss 5.5epss 0.00
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1.
- risk 0.36cvss 5.5epss 0.00
A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1.
- risk 0.36cvss 5.5epss 0.00
A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1.
- risk 0.35cvss 5.4epss 0.00
A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by users for whom the RADIUS…
- risk 0.35cvss 5.3epss 0.01
Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands. When an attacker…
- risk 0.35cvss 5.4epss 0.01
An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned…
- risk 0.35cvss 5.4epss 0.00
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If…
- risk 0.35cvss 5.3epss 0.01
A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of…
- risk 0.35cvss 5.3epss 0.01
An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in…
- risk 0.34cvss 5.3epss 0.00
An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the attacker's control, to…
- risk 0.34cvss 5.3epss 0.00
A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a…
Page 11 of 13