Vulnerabilities > Juniper > Junos

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-2346 Unspecified vulnerability in Juniper Junos
An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG).
network
high complexity
juniper
5.9
2017-07-17 CVE-2017-2345 Improper Input Validation vulnerability in Juniper Junos
On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet.
network
low complexity
juniper CWE-20
critical
9.8
2017-07-17 CVE-2017-2344 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos
A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow.
local
low complexity
juniper CWE-119
7.8
2017-07-17 CVE-2017-2343 Use of Hard-coded Credentials vulnerability in Juniper Junos 12.3X48/15.1X49
The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices.
network
low complexity
juniper CWE-798
critical
9.8
2017-07-17 CVE-2017-2342 Unspecified vulnerability in Juniper Junos 15.1X49
MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established.
low complexity
juniper
8.1
2017-07-17 CVE-2017-2341 Improper Authentication vulnerability in Juniper Junos
An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges.
local
low complexity
juniper CWE-287
8.8
2017-07-17 CVE-2017-2314 Improper Input Validation vulnerability in Juniper Junos
Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart.
network
low complexity
juniper CWE-20
7.5
2017-07-17 CVE-2017-10605 Improper Input Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s).
network
low complexity
juniper CWE-20
7.5
2017-07-17 CVE-2017-10604 Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account.
network
low complexity
juniper CWE-307
5.3
2017-07-17 CVE-2017-10603 XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos 15.1/15.1X53
An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user.
local
low complexity
juniper CWE-91
7.8