Vulnerabilities > Juniper > Junos

DATE CVE VULNERABILITY TITLE RISK
2019-10-09 CVE-2019-0070 Improper Input Validation vulnerability in Juniper Junos
An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control.
local
low complexity
juniper CWE-20
8.8
2019-10-09 CVE-2019-0069 Cleartext Transmission of Sensitive Information vulnerability in Juniper Junos
On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text.
local
low complexity
juniper CWE-319
5.5
2019-10-09 CVE-2019-0068 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos
The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets.
network
low complexity
juniper CWE-754
7.5
2019-10-09 CVE-2019-0067 Unspecified vulnerability in Juniper Junos 16.1/16.2/17.1
Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore).
low complexity
juniper
6.5
2019-10-09 CVE-2019-0066 Unspecified vulnerability in Juniper Junos
An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP.
network
low complexity
juniper
7.5
2019-10-09 CVE-2019-0065 Unspecified vulnerability in Juniper Junos
On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC.
network
low complexity
juniper
7.5
2019-10-09 CVE-2019-0064 Unspecified vulnerability in Juniper Junos 18.2/18.4/19.2
On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session.
network
low complexity
juniper
7.5
2019-10-09 CVE-2019-0063 Unspecified vulnerability in Juniper Junos
When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface.
network
low complexity
juniper
7.5
2019-10-09 CVE-2019-0062 Session Fixation vulnerability in Juniper Junos
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device.
network
low complexity
juniper CWE-384
8.8
2019-10-09 CVE-2019-0061 Unspecified vulnerability in Juniper Junos
The management daemon (MGD) is responsible for all configuration and management operations in Junos OS.
local
low complexity
juniper
7.8