Junos
CVEs (766)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-0273 | 0.00 | — | 0.01 | Apr 22, 2021 | An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in… | |||
| CVE-2021-0272 | 0.00 | — | 0.00 | Apr 22, 2021 | A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On… | |||
| CVE-2021-0271 | 0.00 | — | 0.00 | Apr 22, 2021 | A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the… | |||
| CVE-2021-0270 | 0.00 | — | 0.01 | Apr 22, 2021 | On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one… | |||
| CVE-2021-0269 | 0.00 | — | 0.01 | Apr 22, 2021 | The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters,… | |||
| CVE-2021-0268 | 0.00 | — | 0.01 | Apr 22, 2021 | An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration… | |||
| CVE-2021-0267 | 0.00 | — | 0.00 | Apr 22, 2021 | An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service.… | |||
| CVE-2021-0266 | 0.00 | — | 0.01 | Apr 22, 2021 | The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All… | |||
| CVE-2021-0264 | 0.00 | — | 0.01 | Apr 22, 2021 | A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial… | |||
| CVE-2021-0263 | 0.00 | — | 0.01 | Apr 22, 2021 | A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service… | |||
| CVE-2021-0262 | 0.00 | — | 0.00 | Apr 22, 2021 | Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow… | |||
| CVE-2021-0261 | 0.00 | — | 0.01 | Apr 22, 2021 | A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by… | |||
| CVE-2021-0260 | 0.00 | — | 0.01 | Apr 22, 2021 | An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write… | |||
| CVE-2021-0259 | 0.00 | — | 0.00 | Apr 22, 2021 | Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold.… | |||
| CVE-2021-0258 | 0.00 | — | 0.01 | Apr 22, 2021 | A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface of Juniper Networks Junos OS allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS). Continued receipt and processing of these transit packets… | |||
| CVE-2021-0257 | 0.00 | — | 0.00 | Apr 22, 2021 | On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge… | |||
| CVE-2021-0256 | 0.00 | — | 0.00 | Apr 22, 2021 | A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with… | |||
| CVE-2021-0255 | 0.00 | — | 0.00 | Apr 22, 2021 | A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is… | |||
| CVE-2021-0254 | 0.00 | — | 0.03 | Apr 22, 2021 | A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution… | |||
| CVE-2021-0253 | 0.00 | — | 0.01 | Apr 22, 2021 | NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX… |
- CVE-2021-0273Apr 22, 2021risk 0.00cvss —epss 0.01
An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in…
- CVE-2021-0272Apr 22, 2021risk 0.00cvss —epss 0.00
A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On…
- CVE-2021-0271Apr 22, 2021risk 0.00cvss —epss 0.00
A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the…
- CVE-2021-0270Apr 22, 2021risk 0.00cvss —epss 0.01
On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one…
- CVE-2021-0269Apr 22, 2021risk 0.00cvss —epss 0.01
The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters,…
- CVE-2021-0268Apr 22, 2021risk 0.00cvss —epss 0.01
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration…
- CVE-2021-0267Apr 22, 2021risk 0.00cvss —epss 0.00
An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service.…
- CVE-2021-0266Apr 22, 2021risk 0.00cvss —epss 0.01
The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All…
- CVE-2021-0264Apr 22, 2021risk 0.00cvss —epss 0.01
A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial…
- CVE-2021-0263Apr 22, 2021risk 0.00cvss —epss 0.01
A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service…
- CVE-2021-0262Apr 22, 2021risk 0.00cvss —epss 0.00
Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow…
- CVE-2021-0261Apr 22, 2021risk 0.00cvss —epss 0.01
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by…
- CVE-2021-0260Apr 22, 2021risk 0.00cvss —epss 0.01
An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write…
- CVE-2021-0259Apr 22, 2021risk 0.00cvss —epss 0.00
Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold.…
- CVE-2021-0258Apr 22, 2021risk 0.00cvss —epss 0.01
A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface of Juniper Networks Junos OS allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS). Continued receipt and processing of these transit packets…
- CVE-2021-0257Apr 22, 2021risk 0.00cvss —epss 0.00
On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge…
- CVE-2021-0256Apr 22, 2021risk 0.00cvss —epss 0.00
A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with…
- CVE-2021-0255Apr 22, 2021risk 0.00cvss —epss 0.00
A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is…
- CVE-2021-0254Apr 22, 2021risk 0.00cvss —epss 0.03
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution…
- CVE-2021-0253Apr 22, 2021risk 0.00cvss —epss 0.01
NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX…
Page 26 of 39