Vulnerabilities > Juniper > Junos OS Evolved > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-13 CVE-2023-44204 Improper Input Validation vulnerability in Juniper Junos and Junos OS Evolved
An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO;
low complexity
juniper CWE-20
6.5
2023-10-12 CVE-2023-36839 Improper Validation of Specified Quantity in Input vulnerability in Juniper Junos
An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS). This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device.
low complexity
juniper CWE-1284
6.5
2023-10-11 CVE-2023-44189 Origin Validation Error vulnerability in Juniper Junos OS Evolved
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network.
low complexity
juniper CWE-346
5.4
2023-10-11 CVE-2023-44190 Origin Validation Error vulnerability in Juniper Junos OS Evolved
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network.
low complexity
juniper CWE-346
5.4
2023-10-11 CVE-2023-44187 Information Exposure vulnerability in Juniper Junos OS Evolved
An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line.
local
low complexity
juniper CWE-200
5.5
2023-07-14 CVE-2023-36836 Unspecified vulnerability in Juniper Junos
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed.
local
high complexity
juniper
4.7
2023-01-13 CVE-2023-22398 Access of Uninitialized Pointer vulnerability in Juniper Junos 15.1/19.1/19.2
An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).
local
low complexity
juniper CWE-824
5.5
2022-10-18 CVE-2022-22220 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS).
network
high complexity
juniper CWE-367
5.9
2022-10-18 CVE-2022-22233 Unchecked Return Value vulnerability in Juniper Junos and Junos OS Evolved
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).
local
low complexity
juniper CWE-252
5.5
2022-10-18 CVE-2022-22238 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
low complexity
juniper CWE-754
6.5