Vulnerabilities > Juniper > Junos

DATE CVE VULNERABILITY TITLE RISK
2017-10-13 CVE-2017-10608 Resource Exhaustion vulnerability in Juniper Junos
Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs.
network
low complexity
juniper CWE-400
7.5
2017-10-13 CVE-2017-10607 Unspecified vulnerability in Juniper Junos 16.1
Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the RPD routing process to crash and restart.
network
low complexity
juniper
7.5
2017-10-13 CVE-2016-4924 Permission Issues vulnerability in Juniper Junos 14.1/15.1
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys.
local
low complexity
juniper CWE-275
5.5
2017-10-13 CVE-2016-4923 Cross-site Scripting vulnerability in Juniper Junos
Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device.
network
low complexity
juniper CWE-79
6.1
2017-10-13 CVE-2016-4922 Command Injection vulnerability in Juniper Junos
Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system.
local
low complexity
juniper CWE-77
7.8
2017-10-13 CVE-2016-4921 Resource Management Errors vulnerability in Juniper Junos
By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic.
network
low complexity
juniper CWE-399
7.5
2017-10-13 CVE-2016-1261 Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS).
network
low complexity
juniper CWE-352
8.8
2017-07-17 CVE-2017-2349 Command Injection vulnerability in Juniper Junos
A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges.
network
low complexity
juniper CWE-77
8.8
2017-07-17 CVE-2017-2348 Resource Exhaustion vulnerability in Juniper Junos
The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet.
network
low complexity
juniper CWE-400
7.5
2017-07-17 CVE-2017-2347 Improper Input Validation vulnerability in Juniper Junos
A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured.
network
low complexity
juniper CWE-20
7.5