Screenos
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7755 | Cri | 0.84 | 9.8 | 0.61 | KEV | Dec 19, 2015 | Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before… | |
| CVE-2017-2336 | Cri | 0.62 | 9.6 | 0.01 | Jul 17, 2017 | A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This… | ||
| CVE-2017-2339 | Hig | 0.55 | 8.4 | 0.01 | Jul 17, 2017 | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.… | ||
| CVE-2017-2338 | Hig | 0.55 | 8.4 | 0.01 | Jul 17, 2017 | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.… | ||
| CVE-2017-2337 | Hig | 0.55 | 8.4 | 0.01 | Jul 17, 2017 | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.… | ||
| CVE-2017-2335 | Hig | 0.55 | 8.4 | 0.01 | Jul 17, 2017 | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.… | ||
| CVE-2015-7754 | Hig | 0.53 | 8.1 | 0.04 | Jan 8, 2016 | Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | ||
| CVE-2016-1268 | Hig | 0.49 | 7.5 | 0.02 | Apr 15, 2016 | The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet. | ||
| CVE-2018-0014 | Med | 0.28 | 4.3 | 0.01 | Jan 10, 2018 | Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior… | ||
| CVE-2005-2640 | 0.04 | — | 0.07 | Aug 23, 2005 | Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the… | |||
| CVE-2018-0059 | 0.00 | — | 0.01 | Oct 10, 2018 | A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative… | |||
| CVE-2015-7756 | 0.00 | — | 0.02 | Dec 19, 2015 | The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19… | |||
| CVE-2015-7750 | 0.00 | — | 0.02 | Oct 19, 2015 | The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet. | |||
| CVE-2014-3814 | 0.00 | — | 0.01 | Jun 13, 2014 | The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP. | |||
| CVE-2014-3813 | 0.00 | — | 0.01 | Jun 13, 2014 | Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup. | |||
| CVE-2014-2842 | 0.00 | — | 0.03 | Apr 15, 2014 | Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet. | |||
| CVE-2013-7313 | 0.00 | — | 0.01 | Jan 23, 2014 | The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers… | |||
| CVE-2013-6958 | 0.00 | — | 0.02 | Dec 13, 2013 | Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. | |||
| CVE-2008-6096 | 0.00 | — | 0.01 | Feb 9, 2009 | Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page. | |||
| CVE-2004-1446 | 0.00 | — | 0.03 | Dec 31, 2004 | Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet. |
- risk 0.84cvss 9.8epss 0.61
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before…
- risk 0.62cvss 9.6epss 0.01
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This…
- risk 0.55cvss 8.4epss 0.01
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.…
- risk 0.55cvss 8.4epss 0.01
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.…
- risk 0.55cvss 8.4epss 0.01
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.…
- risk 0.55cvss 8.4epss 0.01
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.…
- risk 0.53cvss 8.1epss 0.04
Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.
- risk 0.49cvss 7.5epss 0.02
The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet.
- risk 0.28cvss 4.3epss 0.01
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior…
- CVE-2005-2640Aug 23, 2005risk 0.04cvss —epss 0.07
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the…
- CVE-2018-0059Oct 10, 2018risk 0.00cvss —epss 0.01
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative…
- CVE-2015-7756Dec 19, 2015risk 0.00cvss —epss 0.02
The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19…
- CVE-2015-7750Oct 19, 2015risk 0.00cvss —epss 0.02
The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet.
- CVE-2014-3814Jun 13, 2014risk 0.00cvss —epss 0.01
The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP.
- CVE-2014-3813Jun 13, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup.
- CVE-2014-2842Apr 15, 2014risk 0.00cvss —epss 0.03
Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.
- CVE-2013-7313Jan 23, 2014risk 0.00cvss —epss 0.01
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers…
- CVE-2013-6958Dec 13, 2013risk 0.00cvss —epss 0.02
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
- CVE-2008-6096Feb 9, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page.
- CVE-2004-1446Dec 31, 2004risk 0.00cvss —epss 0.03
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
Page 1 of 2