Vulnerabilities > Juniper > Junos OS Evolved

DATE CVE VULNERABILITY TITLE RISK
2023-10-12 CVE-2023-44175 Reachable Assertion vulnerability in Juniper Junos
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO.
network
low complexity
juniper CWE-617
7.5
2023-10-11 CVE-2023-44189 Origin Validation Error vulnerability in Juniper Junos OS Evolved
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network.
low complexity
juniper CWE-346
5.4
2023-10-11 CVE-2023-44190 Origin Validation Error vulnerability in Juniper Junos OS Evolved
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network.
low complexity
juniper CWE-346
5.4
2023-10-11 CVE-2023-44186 Improper Handling of Exceptional Conditions vulnerability in Juniper Junos
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS).
network
low complexity
juniper CWE-755
7.5
2023-10-11 CVE-2023-44187 Information Exposure vulnerability in Juniper Junos OS Evolved
An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line.
local
low complexity
juniper CWE-200
5.5
2023-07-14 CVE-2023-36836 Unspecified vulnerability in Juniper Junos
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed.
local
high complexity
juniper
4.7
2023-01-13 CVE-2023-22393 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos and Junos OS Evolved
An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS).
network
low complexity
juniper CWE-754
7.5
2023-01-13 CVE-2023-22398 Access of Uninitialized Pointer vulnerability in Juniper Junos 15.1/19.1/19.2
An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).
local
low complexity
juniper CWE-824
5.5
2023-01-13 CVE-2023-22401 Improper Validation of Array Index vulnerability in Juniper Junos and Junos OS Evolved
An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
network
low complexity
juniper CWE-129
7.5
2022-10-18 CVE-2022-22220 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS).
network
high complexity
juniper CWE-367
5.9