VYPR

Vendor CVEs

Juniper Networks

All CVEs

1,081 total · sorted by risk
  • CVE-2019-0039 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.01

    If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a…

  • CVE-2019-0038 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.01

    Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are…

  • CVE-2019-0037 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.01

    In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the…

  • CVE-2019-0036 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.01

    When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will…

  • CVE-2019-0035 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.00

    When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM (Operations, Administration, and…

  • CVE-2019-0033 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.02

    A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and…

  • CVE-2019-0032 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.00

    A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected…

  • CVE-2019-0031 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.02

    Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request…

  • CVE-2019-0028 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.01

    On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and…

  • CVE-2019-0019 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.01

    When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS:…

  • CVE-2019-0008 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.05

    A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to…

  • CVE-2019-0006 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.05

    A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may…

  • CVE-2019-0029 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.00

    Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

  • CVE-2019-0030 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

  • CVE-2019-0013 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.02

    The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue only affects IPv4 PIM. IPv6 PIM…

  • CVE-2019-0015 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token…

  • CVE-2019-0011 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a…

  • CVE-2019-0005 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this…

  • CVE-2019-0017 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

  • CVE-2019-0010 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.03

    An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM…

  • CVE-2019-0007 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.02

    The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was…

  • CVE-2019-0020 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.02

    Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.

  • CVE-2019-0001 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.03

    Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the…

  • CVE-2019-0023 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to…

  • CVE-2019-0002 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.02

    On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group…

  • CVE-2019-0004 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.00

    On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

  • CVE-2019-0025 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user…

  • CVE-2019-0022 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.

  • CVE-2019-0012 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.02

    A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can…

  • CVE-2019-0016 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper…

  • CVE-2019-0026 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to…

  • CVE-2019-0027 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative…

  • CVE-2019-0021 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.00

    On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing an authenticated local user to view this secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4.

  • CVE-2019-0018 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user…

  • CVE-2019-0014 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.02

    On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a…

  • CVE-2019-0009 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.00

    On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC members. This issue does not affect…

  • CVE-2019-0024 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user…

  • CVE-2019-0003 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.02

    When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being…

  • CVE-2018-0046 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.02

    A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks…

  • CVE-2018-0045 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.01

    Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the…

  • CVE-2018-0047 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.01

    A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users…

  • CVE-2018-0043 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.01

    Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service.…

  • CVE-2018-0058 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.01

    Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route processing on MX Series subscriber management platforms, introduced by…

  • CVE-2018-0062 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.02

    A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to…

  • CVE-2018-0056 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.01

    If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learning Daemon (L2ALD) daemon might crash when attempting to delete the duplicate MAC…

  • CVE-2018-0063 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces (IRIs) next-hop limit. Once the IRI next-hop database is full, no further next hops can be…

  • CVE-2018-0044 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.01

    An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to "yes".…

  • CVE-2018-0057 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.01

    On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access…

  • CVE-2018-0048 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.03

    A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and…

  • CVE-2018-0054 · Oct 10, 2018
    risk 0.00 · cvss · epss 0.01

    On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following…
