Vulnerabilities > Juniper > Junos OS Evolved > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-15 CVE-2021-0291 Information Exposure vulnerability in Juniper Junos 15.1/17.3/17.4
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource.
network
low complexity
juniper CWE-200
6.5
2021-07-15 CVE-2021-0292 Resource Exhaustion vulnerability in Juniper Junos OS Evolved 19.4/20.1/20.2
An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition.
low complexity
juniper CWE-400
6.5
2021-04-22 CVE-2021-0239 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved 20.4
In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition.
low complexity
juniper CWE-754
6.5
2021-04-22 CVE-2021-0225 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved
An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect.
network
low complexity
juniper CWE-754
5.8
2021-01-15 CVE-2021-0209 Access of Uninitialized Pointer vulnerability in Juniper Junos OS Evolved 19.4/20.1
In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS).
low complexity
juniper CWE-824
6.5
2020-04-08 CVE-2020-1624 Information Exposure Through Log Files vulnerability in Juniper Junos OS Evolved 18.3/19.1
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files.
local
low complexity
juniper CWE-532
5.5
2020-04-08 CVE-2020-1623 Information Exposure Through Log Files vulnerability in Juniper Junos OS Evolved 18.3/19.1/19.2
A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file.
local
low complexity
juniper CWE-532
5.5
2020-04-08 CVE-2020-1622 Information Exposure Through Log Files vulnerability in Juniper Junos OS Evolved 18.3/19.1
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore.
local
low complexity
juniper CWE-532
5.5
2020-04-08 CVE-2020-1621 Information Exposure Through Log Files vulnerability in Juniper Junos OS Evolved
A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces.
local
low complexity
juniper CWE-532
5.5
2020-04-08 CVE-2020-1620 Information Exposure Through Log Files vulnerability in Juniper Junos OS Evolved
A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log.
local
low complexity
juniper CWE-532
5.5