Vulnerabilities > Juniper > Junos > 17.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-08 | CVE-2020-1619 | Unspecified vulnerability in Juniper Junos A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. | 6.7 |
| 2020-04-08 | CVE-2020-1618 | Improper Authentication vulnerability in Juniper Junos On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. | 6.8 |
| 2020-04-08 | CVE-2020-1615 | Use of Hard-coded Credentials vulnerability in Juniper Junos The factory configuration for vMX installations, as shipped, includes default credentials for the root account. | 9.8 |
| 2020-04-08 | CVE-2020-1614 | Use of Hard-coded Credentials vulnerability in Juniper Junos A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. | 10.0 |
| 2020-04-08 | CVE-2020-1613 | Unspecified vulnerability in Juniper Junos A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. | 7.5 |
| 2020-01-15 | CVE-2020-1609 | OS Command Injection vulnerability in Juniper Junos When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. | 8.8 |
| 2020-01-15 | CVE-2020-1607 | Cross-site Scripting vulnerability in Juniper Junos Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. | 6.1 |
| 2020-01-15 | CVE-2020-1606 | Path Traversal vulnerability in Juniper Junos A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. | 8.1 |
| 2020-01-15 | CVE-2020-1605 | OS Command Injection vulnerability in Juniper Junos When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. | 8.8 |
| 2020-01-15 | CVE-2020-1604 | Unspecified vulnerability in Juniper Junos On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. | 5.3 |