Vulnerabilities > Juniper > Junos > 16.1x65

DATE CVE VULNERABILITY TITLE RISK
2021-10-19 CVE-2021-31372 Improper Input Validation vulnerability in Juniper Junos
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device.
network
low complexity
juniper CWE-20
critical
9.0
2021-07-15 CVE-2021-0289 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Juniper Junos
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer.
2.9
2021-04-22 CVE-2021-0248 Use of Hard-coded Credentials vulnerability in Juniper Junos
This issue is not applicable to NFX NextGen Software.
network
low complexity
juniper CWE-798
7.5
2020-04-08 CVE-2020-1614 Use of Hard-coded Credentials vulnerability in Juniper Junos
A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g.
network
juniper CWE-798
critical
9.3
2019-10-09 CVE-2019-0070 Improper Input Validation vulnerability in Juniper Junos
An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control.
local
low complexity
juniper CWE-20
7.2
2019-10-09 CVE-2019-0057 Unspecified vulnerability in Juniper Junos
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system.
local
low complexity
juniper
7.2
2019-04-10 CVE-2019-0043 Unspecified vulnerability in Juniper Junos
In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart.
network
low complexity
juniper
5.0
2019-04-10 CVE-2019-0039 Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Junos
If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks.
network
high complexity
juniper CWE-307
8.1
2019-04-10 CVE-2019-0035 Insufficiently Protected Credentials vulnerability in Juniper Junos 15.1/15.1X49/15.1X53
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected.
local
low complexity
juniper CWE-522
7.2
2019-04-10 CVE-2019-0028 Unspecified vulnerability in Juniper Junos
On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart.
network
low complexity
juniper
5.0