Vulnerabilities > Juniper > Junos OS Evolved
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-11 | CVE-2023-44190 | Origin Validation Error vulnerability in Juniper Junos OS Evolved An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. | 5.4 |
| 2023-10-11 | CVE-2023-44186 | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). | 7.5 |
| 2023-10-11 | CVE-2023-44187 | Information Exposure vulnerability in Juniper Junos OS Evolved An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. | 5.5 |
| 2023-09-01 | CVE-2023-4481 | Unspecified vulnerability in Juniper Junos An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. | 7.5 |
| 2023-07-14 | CVE-2023-36836 | Use of Uninitialized Resource vulnerability in Juniper Junos A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed. | 4.7 |
| 2023-07-14 | CVE-2023-36840 | Reachable Assertion vulnerability in Juniper Junos A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. | 5.5 |
| 2023-07-14 | CVE-2023-36849 | Improper Check or Handling of Exceptional Conditions vulnerability in Juniper Junos and Junos OS Evolved An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed LLDP packet is received, l2cpd will crash and restart. | 6.5 |
| 2023-07-14 | CVE-2023-36833 | Use After Free vulnerability in Juniper Junos OS Evolved A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. | 6.5 |
| 2023-06-21 | CVE-2023-0026 | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). | 7.5 |
| 2023-04-17 | CVE-2023-28978 | Insecure Default Initialization of Resource vulnerability in Juniper Junos OS Evolved An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. | 5.3 |