Vendor CVEs
Juniper Networks
All CVEs
1,081 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28963 | 0.00 | — | 0.00 | Apr 17, 2023 | An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. This issue affects Juniper Networks Junos OS: All… | |||
| CVE-2023-28973 | 0.00 | — | 0.00 | Apr 17, 2023 | An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions… | |||
| CVE-2023-28960 | 0.00 | — | 0.00 | Apr 17, 2023 | An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator… | |||
| CVE-2023-28964 | 0.00 | — | 0.01 | Apr 17, 2023 | An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued… | |||
| CVE-2023-28959 | 0.00 | — | 0.00 | Apr 17, 2023 | An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than… | |||
| CVE-2023-28971 | 0.00 | — | 0.00 | Apr 17, 2023 | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attacker to bypass existing firewall rules and limitations used to restrict internal… | |||
| CVE-2023-1697 | 0.00 | — | 0.00 | Apr 17, 2023 | An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames… | |||
| CVE-2023-28980 | 0.00 | — | 0.00 | Apr 17, 2023 | A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after… | |||
| CVE-2023-28962 | 0.00 | — | 0.01 | Apr 17, 2023 | An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All… | |||
| CVE-2023-28968 | 0.00 | — | 0.01 | Apr 17, 2023 | An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic… | |||
| CVE-2023-28984 | 0.00 | — | 0.00 | Apr 17, 2023 | A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of… | |||
| CVE-2023-28975 | 0.00 | — | 0.00 | Apr 17, 2023 | An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). When certain USB devices are connected to a USB port of the routing-engine… | |||
| CVE-2023-28961 | 0.00 | — | 0.00 | Apr 17, 2023 | An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine… | |||
| CVE-2023-28978 | 0.00 | — | 0.00 | Apr 17, 2023 | An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about… | |||
| CVE-2023-28982 | 0.00 | — | 0.01 | Apr 17, 2023 | A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an… | |||
| CVE-2023-28967 | 0.00 | — | 0.01 | Apr 17, 2023 | A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial… | |||
| CVE-2023-28981 | 0.00 | — | 0.00 | Apr 17, 2023 | An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically… | |||
| CVE-2023-28966 | 0.00 | — | 0.00 | Apr 17, 2023 | An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system… | |||
| CVE-2023-28970 | 0.00 | — | 0.00 | Apr 17, 2023 | An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a… | |||
| CVE-2023-28972 | 0.00 | — | 0.00 | Apr 17, 2023 | An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as… | |||
| CVE-2023-28965 | 0.00 | — | 0.01 | Apr 17, 2023 | An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial… | |||
| CVE-2023-28979 | 0.00 | — | 0.00 | Apr 17, 2023 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop… | |||
| CVE-2023-22410 | 0.00 | — | 0.01 | Jan 12, 2023 | A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious… | |||
| CVE-2023-22409 | 0.00 | — | 0.00 | Jan 12, 2023 | An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS). When an inconsistent "deterministic NAT" configuration is present on an SRX, or MX with… | |||
| CVE-2023-22414 | 0.00 | — | 0.00 | Jan 12, 2023 | A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash.… | |||
| CVE-2023-22397 | 0.00 | — | 0.00 | Jan 12, 2023 | An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and… | |||
| CVE-2023-22391 | 0.00 | — | 0.01 | Jan 12, 2023 | A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other… | |||
| CVE-2023-22396 | 0.00 | — | 0.01 | Jan 12, 2023 | An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a… | |||
| CVE-2023-22393 | 0.00 | — | 0.01 | Jan 12, 2023 | An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of… | |||
| CVE-2023-22403 | 0.00 | — | 0.01 | Jan 12, 2023 | An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol… | |||
| CVE-2023-22398 | 0.00 | — | 0.00 | Jan 12, 2023 | An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the… | |||
| CVE-2023-22412 | 0.00 | — | 0.00 | Jan 12, 2023 | An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued… | |||
| CVE-2023-22408 | 0.00 | — | 0.01 | Jan 12, 2023 | An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an attacker sends an SIP packets with a malformed SDP field then the SIP… | |||
| CVE-2023-22407 | 0.00 | — | 0.00 | Jan 12, 2023 | An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs… | |||
| CVE-2023-22400 | 0.00 | — | 0.01 | Jan 12, 2023 | An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or… | |||
| CVE-2023-22404 | 0.00 | — | 0.01 | Jan 12, 2023 | An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel… | |||
| CVE-2023-22402 | 0.00 | — | 0.01 | Jan 12, 2023 | A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is… | |||
| CVE-2023-22417 | 0.00 | — | 0.01 | Jan 12, 2023 | A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a… | |||
| CVE-2023-22405 | 0.00 | — | 0.00 | Jan 12, 2023 | An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of… | |||
| CVE-2023-22406 | 0.00 | — | 0.00 | Jan 12, 2023 | A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer… | |||
| CVE-2023-22413 | 0.00 | — | 0.01 | Jan 12, 2023 | An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets… | |||
| CVE-2023-22401 | 0.00 | — | 0.01 | Jan 12, 2023 | An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016… | |||
| CVE-2023-22411 | 0.00 | — | 0.01 | Jan 12, 2023 | An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes… | |||
| CVE-2023-22394 | 0.00 | — | 0.01 | Jan 12, 2023 | An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms… | |||
| CVE-2023-22416 | 0.00 | — | 0.01 | Jan 12, 2023 | A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow… | |||
| CVE-2023-22399 | 0.00 | — | 0.01 | Jan 12, 2023 | When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific… | |||
| CVE-2023-22415 | 0.00 | — | 0.01 | Jan 12, 2023 | An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received… | |||
| CVE-2023-22395 | 0.00 | — | 0.00 | Jan 12, 2023 | A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging… | |||
| CVE-2022-22184 | 0.00 | — | 0.01 | Dec 23, 2022 | An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP… | |||
| CVE-2022-22251 | 0.00 | — | 0.00 | Oct 18, 2022 | On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any… |
- CVE-2023-28963Apr 17, 2023risk 0.00cvss —epss 0.00
An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. This issue affects Juniper Networks Junos OS: All…
- CVE-2023-28973Apr 17, 2023risk 0.00cvss —epss 0.00
An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions…
- CVE-2023-28960Apr 17, 2023risk 0.00cvss —epss 0.00
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator…
- CVE-2023-28964Apr 17, 2023risk 0.00cvss —epss 0.01
An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued…
- CVE-2023-28959Apr 17, 2023risk 0.00cvss —epss 0.00
An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than…
- CVE-2023-28971Apr 17, 2023risk 0.00cvss —epss 0.00
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attacker to bypass existing firewall rules and limitations used to restrict internal…
- CVE-2023-1697Apr 17, 2023risk 0.00cvss —epss 0.00
An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames…
- CVE-2023-28980Apr 17, 2023risk 0.00cvss —epss 0.00
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after…
- CVE-2023-28962Apr 17, 2023risk 0.00cvss —epss 0.01
An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All…
- CVE-2023-28968Apr 17, 2023risk 0.00cvss —epss 0.01
An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic…
- CVE-2023-28984Apr 17, 2023risk 0.00cvss —epss 0.00
A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of…
- CVE-2023-28975Apr 17, 2023risk 0.00cvss —epss 0.00
An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). When certain USB devices are connected to a USB port of the routing-engine…
- CVE-2023-28961Apr 17, 2023risk 0.00cvss —epss 0.00
An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine…
- CVE-2023-28978Apr 17, 2023risk 0.00cvss —epss 0.00
An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about…
- CVE-2023-28982Apr 17, 2023risk 0.00cvss —epss 0.01
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an…
- CVE-2023-28967Apr 17, 2023risk 0.00cvss —epss 0.01
A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial…
- CVE-2023-28981Apr 17, 2023risk 0.00cvss —epss 0.00
An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically…
- CVE-2023-28966Apr 17, 2023risk 0.00cvss —epss 0.00
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system…
- CVE-2023-28970Apr 17, 2023risk 0.00cvss —epss 0.00
An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a…
- CVE-2023-28972Apr 17, 2023risk 0.00cvss —epss 0.00
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as…
- CVE-2023-28965Apr 17, 2023risk 0.00cvss —epss 0.01
An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial…
- CVE-2023-28979Apr 17, 2023risk 0.00cvss —epss 0.00
An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop…
- CVE-2023-22410Jan 12, 2023risk 0.00cvss —epss 0.01
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious…
- CVE-2023-22409Jan 12, 2023risk 0.00cvss —epss 0.00
An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS). When an inconsistent "deterministic NAT" configuration is present on an SRX, or MX with…
- CVE-2023-22414Jan 12, 2023risk 0.00cvss —epss 0.00
A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash.…
- CVE-2023-22397Jan 12, 2023risk 0.00cvss —epss 0.00
An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and…
- CVE-2023-22391Jan 12, 2023risk 0.00cvss —epss 0.01
A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other…
- CVE-2023-22396Jan 12, 2023risk 0.00cvss —epss 0.01
An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a…
- CVE-2023-22393Jan 12, 2023risk 0.00cvss —epss 0.01
An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of…
- CVE-2023-22403Jan 12, 2023risk 0.00cvss —epss 0.01
An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol…
- CVE-2023-22398Jan 12, 2023risk 0.00cvss —epss 0.00
An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the…
- CVE-2023-22412Jan 12, 2023risk 0.00cvss —epss 0.00
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued…
- CVE-2023-22408Jan 12, 2023risk 0.00cvss —epss 0.01
An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an attacker sends an SIP packets with a malformed SDP field then the SIP…
- CVE-2023-22407Jan 12, 2023risk 0.00cvss —epss 0.00
An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs…
- CVE-2023-22400Jan 12, 2023risk 0.00cvss —epss 0.01
An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or…
- CVE-2023-22404Jan 12, 2023risk 0.00cvss —epss 0.01
An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel…
- CVE-2023-22402Jan 12, 2023risk 0.00cvss —epss 0.01
A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is…
- CVE-2023-22417Jan 12, 2023risk 0.00cvss —epss 0.01
A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a…
- CVE-2023-22405Jan 12, 2023risk 0.00cvss —epss 0.00
An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of…
- CVE-2023-22406Jan 12, 2023risk 0.00cvss —epss 0.00
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer…
- CVE-2023-22413Jan 12, 2023risk 0.00cvss —epss 0.01
An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets…
- CVE-2023-22401Jan 12, 2023risk 0.00cvss —epss 0.01
An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016…
- CVE-2023-22411Jan 12, 2023risk 0.00cvss —epss 0.01
An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes…
- CVE-2023-22394Jan 12, 2023risk 0.00cvss —epss 0.01
An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms…
- CVE-2023-22416Jan 12, 2023risk 0.00cvss —epss 0.01
A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow…
- CVE-2023-22399Jan 12, 2023risk 0.00cvss —epss 0.01
When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific…
- CVE-2023-22415Jan 12, 2023risk 0.00cvss —epss 0.01
An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received…
- CVE-2023-22395Jan 12, 2023risk 0.00cvss —epss 0.00
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging…
- CVE-2022-22184Dec 23, 2022risk 0.00cvss —epss 0.01
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP…
- CVE-2022-22251Oct 18, 2022risk 0.00cvss —epss 0.00
On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any…
Page 11 of 22