Juniper Networks

All CVEs

1,081 total · sorted by risk
  • CVE-2015-7755 · Cri · KEV · Dec 19, 2015
    risk 0.84 · cvss 9.8 · epss 0.61

    Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before…

  • CVE-2024-2973 · Cri · Jun 27, 2024
    risk 0.65 · cvss 10.0 · epss 0.01

    An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors…

  • CVE-2017-2349 · Cri · Jul 17, 2017
    risk 0.65 · cvss 9.9 · epss 0.02

    A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to…

  • CVE-2017-2343 · Cri · Jul 17, 2017
    risk 0.65 · cvss 10.0 · epss 0.03

    The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services…

  • CVE-2017-2320 · Cri · Apr 24, 2017
    risk 0.65 · cvss 10.0 · epss 0.02

    A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any…

  • CVE-2025-21589 · Cri · Jan 27, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router:  * from…

  • CVE-2018-0042 · Cri · Jul 11, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.

  • CVE-2018-0041 · Cri · Jul 11, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.

  • CVE-2018-0040 · Cri · Jul 11, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.

  • CVE-2018-0038 · Cri · Jul 11, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.

  • CVE-2018-0037 · Cri · Jul 11, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a…

  • CVE-2018-0016 · Cri · Apr 11, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. Devices are only vulnerable to the specially crafted CLNP datagram if 'clns-routing' or…

  • CVE-2014-3413 · Cri · Apr 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.

  • CVE-2018-0015 · Cri · Feb 22, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If…

  • CVE-2018-0007 · Cri · Jan 10, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a…

  • CVE-2018-0001 · Cri · Jan 10, 2018
    risk 0.64 · cvss 9.8 · epss 0.06

    A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS:…

  • CVE-2017-10622 · Cri · Oct 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1…

  • CVE-2017-10615 · Cri · Oct 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS…

  • CVE-2016-1265 · Cri · Oct 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command…

  • CVE-2017-2345 · Cri · Jul 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition.…

  • CVE-2017-10601 · Cri · Jul 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc. This issue relies upon a device configuration precondition…

  • CVE-2016-4926 · Cri · Mar 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.

  • CVE-2016-7929 · Cri · Jan 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().

  • CVE-2016-1279 · Cri · Sep 9, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4,…

  • CVE-2017-2336 · Cri · Jul 17, 2017
    risk 0.62 · cvss 9.6 · epss 0.01

    A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This…

  • CVE-2016-1286 · Hig · Mar 9, 2016
    risk 0.61 · cvss 8.6 · epss 0.62

    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

  • CVE-2013-6014 · Cri · Oct 28, 2013
    risk 0.61 · cvss 9.3 · epss 0.01

    Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an…

  • CVE-2016-4929 · Hig · Mar 20, 2017
    risk 0.58 · cvss 8.8 · epss 0.04

    Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.

  • CVE-2026-33785 · Hig · Apr 9, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring…

  • CVE-2018-0021 · Hig · Apr 11, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an…

  • CVE-2017-2341 · Hig · Jul 17, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. Affected releases are…

  • CVE-2017-2306 · Hig · May 30, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.

  • CVE-2017-2305 · Hig · May 30, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.

  • CVE-2017-2332 · Hig · Apr 24, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment.

  • CVE-2016-4928 · Hig · Mar 20, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.

  • CVE-2016-1264 · Hig · Apr 15, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before…

  • CVE-2017-10605 · Hig · Jul 17, 2017
    risk 0.56 · cvss 8.6 · epss 0.02

    On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended…

  • CVE-2017-2321 · Hig · Apr 24, 2017
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and…

  • CVE-2017-2317 · Hig · Apr 24, 2017
    risk 0.56 · cvss 8.6 · epss 0.01

    A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential…

  • CVE-2016-4924 · Hig · Oct 13, 2017
    risk 0.55 · cvss 8.4 · epss 0.00

    An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during…

  • CVE-2016-4922 · Hig · Oct 13, 2017
    risk 0.55 · cvss 8.4 · epss 0.00

    Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and…

  • CVE-2017-2339 · Hig · Jul 17, 2017
    risk 0.55 · cvss 8.4 · epss 0.01

    A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.…

  • CVE-2017-2338 · Hig · Jul 17, 2017
    risk 0.55 · cvss 8.4 · epss 0.01

    A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.…

  • CVE-2017-2337 · Hig · Jul 17, 2017
    risk 0.55 · cvss 8.4 · epss 0.01

    A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.…

  • CVE-2017-2335 · Hig · Jul 17, 2017
    risk 0.55 · cvss 8.4 · epss 0.01

    A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator.…

  • CVE-2017-2319 · Hig · Apr 24, 2017
    risk 0.54 · cvss 8.3 · epss 0.01

    A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the system's confidentiality or integrity without authentication, leading to managed systems being compromised or services being…

  • CVE-2024-30407 · Hig · Apr 12, 2024
    risk 0.53 · cvss 8.1 · epss 0.01

    The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Daemon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of…

  • CVE-2018-0002 · Hig · Jan 10, 2018
    risk 0.53 · cvss 8.2 · epss 0.02

    On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd…

  • CVE-2017-2342 · Hig · Jul 17, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or…

  • CVE-2016-4927 · Hig · Mar 20, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.
