VYPR

Junos

by Juniper Networks

CVEs (766)

  • CVE-2020-1609Jan 15, 2020
    risk 0.00cvss epss 0.01

    When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the…

  • CVE-2020-1608Jan 15, 2020
    risk 0.00cvss epss 0.01

    Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients…

  • CVE-2020-1607Jan 15, 2020
    risk 0.00cvss epss 0.01

    Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper…

  • CVE-2020-1606Jan 15, 2020
    risk 0.00cvss epss 0.01

    A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by…

  • CVE-2020-1605Jan 15, 2020
    risk 0.00cvss epss 0.01

    When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the…

  • CVE-2020-1604Jan 15, 2020
    risk 0.00cvss epss 0.01

    On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine…

  • CVE-2020-1603Jan 15, 2020
    risk 0.00cvss epss 0.01

    Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory…

  • CVE-2020-1602Jan 15, 2020
    risk 0.00cvss epss 0.01

    When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the…

  • CVE-2020-1601Jan 15, 2020
    risk 0.00cvss epss 0.01

    Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd)…

  • CVE-2020-1600Jan 15, 2020
    risk 0.00cvss epss 0.01

    In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of…

  • CVE-2019-0075Oct 9, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service…

  • CVE-2019-0074Oct 9, 2019
    risk 0.00cvss epss 0.00

    A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K…

  • CVE-2019-0073Oct 9, 2019
    risk 0.00cvss epss 0.00

    The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions…

  • CVE-2019-0071Oct 9, 2019
    risk 0.00cvss epss 0.00

    Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence…

  • CVE-2019-0070Oct 9, 2019
    risk 0.00cvss epss 0.00

    An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the…

  • CVE-2019-0069Oct 9, 2019
    risk 0.00cvss epss 0.00

    On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials…

  • CVE-2019-0068Oct 9, 2019
    risk 0.00cvss epss 0.01

    The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This…

  • CVE-2019-0067Oct 9, 2019
    risk 0.00cvss epss 0.01

    Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue…

  • CVE-2019-0066Oct 9, 2019
    risk 0.00cvss epss 0.01

    An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is…

  • CVE-2019-0065Oct 9, 2019
    risk 0.00cvss epss 0.01

    On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending a crafted SIP packet, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a sustained Denial of…

Page 32 of 39