Latest critical severity vulnerabilities for "juniper junos"

Filters

Versions

19.1

18.4-r1

Juniper JUNOSJunos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution

critical

9.8

EPSS

0.26%

First published (updated )

CVE-2024-21591

Juniper JUNOSJunos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable

critical

9.8

Exploited

First published (updated )

CVE-2023-36845

Juniper JUNOSJunos OS: Unauthenticated access vulnerability in J-Web

critical

9.8

First published (updated )

CVE-2023-28962

Juniper JUNOSJunos OS: Vulnerability in J-Web may allow deserialization without authentication

critical

9.8

First published (updated )

CVE-2022-22241

Juniper JUNOSJunos OS: SRX Series: Traffic classification vulnerability when 'no-syn-check' is enabled

critical

9.3

First published (updated )

CVE-2022-22157

Never miss a vulnerability like this again

Read More Start Free Trial

Juniper JUNOSJunos OS: SRX Series: If no-syn-check is enabled, traffic classified as UNKNOWN gets permitted by pre-id-default-policy

critical

9.8

First published (updated )

CVE-2022-22167

Juniper JUNOSJunos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from any interface, regardless of security settings protecting the service

critical

First published (updated )

CVE-2021-31384

Juniper JUNOSJunos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root.

critical

First published (updated )

CVE-2021-31372

Juniper JUNOSJunos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Toolkit (JET)

critical

First published (updated )

CVE-2021-31350

Juniper JUNOSJunos OS: PTX1000 System, PTX10002-60C System: After upgrading, configured firewall filters may be applied on incorrect interfaces

critical

First published (updated )

CVE-2021-31382

Never miss a vulnerability like this again

Read More Start Free Trial

Juniper JUNOSJunos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks.

critical

9.3

First published (updated )

CVE-2021-0268

Juniper JUNOScSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services.

critical

9.8

First published (updated )

CVE-2021-0266

Juniper JUNOSJunos OS: Remote code execution vulnerability in overlayd service

critical

9.8

First published (updated )

CVE-2021-0254

Juniper JUNOSJunos OS: SRX Series: A remote attacker may be able to cause a PFE buffer overflow to arbitrarily remotely execute code or commands on the target device with UTM enabled.

critical

First published (updated )

CVE-2021-0249

Juniper JUNOSJunos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another users session.

critical

9.3

First published (updated )

CVE-2021-0275

Never miss a vulnerability like this again

Read More Start Free Trial

Juniper JUNOSNFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces.

critical

First published (updated )

CVE-2021-0248

Juniper JUNOSJunos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted.

critical

First published (updated )

CVE-2021-0211

Juniper JUNOSJunos OS: MX Series: Receipt of specific packets can cause services card to restart when DNS filtering is configured.

critical

9.9

First published (updated )

CVE-2020-1660

Juniper JUNOSJunos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution

critical

9.8

First published (updated )

CVE-2020-1654

Juniper JUNOSJunos OS: SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled

critical

9.8

First published (updated )

CVE-2020-1647

Never miss a vulnerability like this again

Read More Start Free Trial

Juniper JUNOSJuniper Junos OS Path Traversal Vulnerability

critical

9.8

Exploited

First published (updated )

CVE-2020-1631

Juniper JUNOSJunos OS: vMX: Default credentials supplied in vMX configuration

critical

First published (updated )

CVE-2020-1615

Juniper JUNOSNFX250 Series: Hardcoded credentials in the vSRX VNF instance.

critical

First published (updated )

CVE-2020-1614

Juniper JUNOSBuffer Overflow

critical

First published (updated )

CVE-2020-10188

Juniper JUNOSJunos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored

critical

9.8

First published (updated )

CVE-2019-0036

Never miss a vulnerability like this again

Read More Start Free Trial

Juniper JUNOSQFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process

critical

9.8

First published (updated )

CVE-2019-0008

Juniper JUNOSJunos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface

critical

9.1

First published (updated )

CVE-2019-0040

Juniper JUNOSJunos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect

critical

9.8

First published (updated )

CVE-2019-0002

Juniper JUNOSJunos OS: vMX series: Predictable IP ID sequence numbers vulnerability

critical

First published (updated )

CVE-2019-0007

Juniper JUNOSJunos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration

critical

9.8

First published (updated )

CVE-2019-0006

Never miss a vulnerability like this again

Read More Start Free Trial

Juniper JUNOSJunos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address)

critical

9.6

First published (updated )

CVE-2018-0057

Juniper JUNOSNFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS

critical

9.8

First published (updated )

CVE-2018-0044

Juniper JUNOSJunos OS: Unauthenticated remote root access possible when RSH service is enabled

critical

9.3

First published (updated )

CVE-2018-0052

Juniper JUNOSJunos OS: RPD daemon crashes due to receipt of crafted BGP NOTIFICATION messages

critical

9.8

First published (updated )

CVE-2018-0037

Juniper JUNOSJunos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images

critical

First published (updated )

CVE-2018-0035

Never miss a vulnerability like this again

Read More Start Free Trial

Juniper JUNOSJunos OS: Kernel crash upon receipt of crafted CLNP datagrams

critical

9.8

First published (updated )

CVE-2018-0016

Juniper JUNOSBuffer Overflow, Command Injection, Code Injection

critical

First published (updated )

CVE-2018-0007

Juniper JUNOSJunos: Unauthenticated Remote Code Execution through J-Web interface

critical

9.8

First published (updated )

CVE-2018-0001

Juniper JUNOSInput Validation

critical

9.8

First published (updated )

CVE-2017-10615

Juniper JUNOSA specific device configuration can result in a commit failure condition. When this occurs, a user i…

critical

First published (updated )

CVE-2017-10601

Never miss a vulnerability like this again

Read More Start Free Trial

Juniper JUNOSSRX Series: Hardcoded credentials in Integrated UserFW feature.

critical

First published (updated )

CVE-2017-2343

Juniper JUNOSJunos: snmpd denial of service upon receipt of crafted SNMP packet

critical

9.8

First published (updated )

CVE-2017-2345

Juniper JUNOSSRX Series: Command injection vulnerability in SRX IDP feature.

critical

9.9

First published (updated )

CVE-2017-2349

Juniper JUNOSInfoleak

critical

First published (updated )

CVE-2016-1279

Juniper JUNOSThe BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 b…

critical

9.3

First published (updated )

CVE-2015-5362

Never miss a vulnerability like this again

Read More Start Free Trial

Juniper JUNOSJuniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 1…

critical

First published (updated )

CVE-2014-3816

Juniper JUNOSInput Validation

critical

First published (updated )

CVE-2013-6618

Juniper JUNOSInfoleak

critical

9.3

First published (updated )

CVE-2013-6014

Juniper JUNOSBuffer Overflow

critical

First published (updated )

CVE-2013-4685

Versions

Juniper JUNOSJunos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution

Juniper JUNOSJunos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable

Juniper JUNOSJunos OS: Unauthenticated access vulnerability in J-Web

Juniper JUNOSJunos OS: Vulnerability in J-Web may allow deserialization without authentication

Juniper JUNOSJunos OS: SRX Series: Traffic classification vulnerability when 'no-syn-check' is enabled

Never miss a vulnerability like this again

Juniper JUNOSJunos OS: SRX Series: If no-syn-check is enabled, traffic classified as UNKNOWN gets permitted by pre-id-default-policy

Juniper JUNOSJunos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from any interface, regardless of security settings protecting the service

Juniper JUNOSJunos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root.

Juniper JUNOSJunos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Toolkit (JET)

Juniper JUNOSJunos OS: PTX1000 System, PTX10002-60C System: After upgrading, configured firewall filters may be applied on incorrect interfaces

Never miss a vulnerability like this again

Juniper JUNOSJunos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks.

Juniper JUNOScSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services.

Juniper JUNOSJunos OS: Remote code execution vulnerability in overlayd service

Juniper JUNOSJunos OS: SRX Series: A remote attacker may be able to cause a PFE buffer overflow to arbitrarily remotely execute code or commands on the target device with UTM enabled.

Juniper JUNOSJunos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another users session.

Never miss a vulnerability like this again

Juniper JUNOSNFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces.

Juniper JUNOSJunos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted.

Juniper JUNOSJunos OS: MX Series: Receipt of specific packets can cause services card to restart when DNS filtering is configured.

Juniper JUNOSJunos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution

Juniper JUNOSJunos OS: SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled

Never miss a vulnerability like this again

Juniper JUNOSJuniper Junos OS Path Traversal Vulnerability

Juniper JUNOSJunos OS: vMX: Default credentials supplied in vMX configuration

Juniper JUNOSNFX250 Series: Hardcoded credentials in the vSRX VNF instance.

Juniper JUNOSBuffer Overflow

Juniper JUNOSJunos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored

Never miss a vulnerability like this again

Juniper JUNOSQFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process

Juniper JUNOSJunos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface

Juniper JUNOSJunos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect

Juniper JUNOSJunos OS: vMX series: Predictable IP ID sequence numbers vulnerability

Juniper JUNOSJunos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration

Never miss a vulnerability like this again

Juniper JUNOSJunos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address)

Juniper JUNOSNFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS

Juniper JUNOSJunos OS: Unauthenticated remote root access possible when RSH service is enabled

Juniper JUNOSJunos OS: RPD daemon crashes due to receipt of crafted BGP NOTIFICATION messages

Juniper JUNOSJunos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images

Never miss a vulnerability like this again

Juniper JUNOSJunos OS: Kernel crash upon receipt of crafted CLNP datagrams

Juniper JUNOSBuffer Overflow, Command Injection, Code Injection

Juniper JUNOSJunos: Unauthenticated Remote Code Execution through J-Web interface

Juniper JUNOSInput Validation

Juniper JUNOSA specific device configuration can result in a commit failure condition. When this occurs, a user i…

Never miss a vulnerability like this again

Juniper JUNOSSRX Series: Hardcoded credentials in Integrated UserFW feature.

Juniper JUNOSJunos: snmpd denial of service upon receipt of crafted SNMP packet

Juniper JUNOSSRX Series: Command injection vulnerability in SRX IDP feature.

Juniper JUNOSInfoleak

Juniper JUNOSThe BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 b…

Never miss a vulnerability like this again

Juniper JUNOSJuniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 1…

Juniper JUNOSInput Validation

Juniper JUNOSInfoleak

Juniper JUNOSBuffer Overflow

Company

Resources

Contact