Vulnerabilities > Juniper > Junos > 18.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-04 | CVE-2020-1631 | Path Traversal vulnerability in Juniper Junos A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. | 9.8 |
| 2020-04-15 | CVE-2020-1632 | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. | 7.8 |
| 2020-04-09 | CVE-2020-1633 | Unspecified vulnerability in Juniper Junos Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. low complexity juniper | 3.3 |
| 2020-04-08 | CVE-2020-1637 | Improper Authentication vulnerability in Juniper Junos A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. | 5.8 |
| 2020-04-08 | CVE-2020-1630 | Unspecified vulnerability in Juniper Junos A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. | 2.1 |
| 2020-04-08 | CVE-2020-1629 | Race Condition vulnerability in Juniper Junos A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. | 4.3 |
| 2020-04-08 | CVE-2020-1628 | Unspecified vulnerability in Juniper Junos Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. | 5.0 |
| 2020-04-08 | CVE-2020-1627 | Improper Input Validation vulnerability in Juniper Junos A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. | 5.0 |
| 2020-04-08 | CVE-2020-1625 | Memory Leak vulnerability in Juniper Junos The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. | 3.3 |
| 2020-04-08 | CVE-2020-1619 | Unspecified vulnerability in Juniper Junos A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. | 4.6 |