Vulnerabilities > Juniper > Junos > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-10-16 CVE-2020-1660 Unspecified vulnerability in Juniper Junos
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart.
network
low complexity
juniper
critical
9.9
2020-07-17 CVE-2020-1647 Double Free vulnerability in Juniper Junos
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message.
network
low complexity
juniper CWE-415
critical
9.8
2020-07-17 CVE-2020-1654 Classic Buffer Overflow vulnerability in Juniper Junos
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition.
network
low complexity
juniper CWE-120
critical
9.8
2020-05-04 CVE-2020-1631 Path Traversal vulnerability in Juniper Junos
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal.
network
low complexity
juniper CWE-22
critical
9.8
2020-04-08 CVE-2020-1614 Use of Hard-coded Credentials vulnerability in Juniper Junos
A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g.
network
low complexity
juniper CWE-798
critical
10.0
2020-04-08 CVE-2020-1615 Use of Hard-coded Credentials vulnerability in Juniper Junos
The factory configuration for vMX installations, as shipped, includes default credentials for the root account.
network
low complexity
juniper CWE-798
critical
9.8
2020-03-06 CVE-2020-10188 Classic Buffer Overflow vulnerability in multiple products
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
9.8
2019-04-10 CVE-2019-0008 Out-of-bounds Write vulnerability in Juniper Junos
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices.
network
low complexity
juniper CWE-787
critical
9.8
2019-04-10 CVE-2019-0036 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos
When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g.
network
low complexity
juniper CWE-754
critical
9.8
2019-04-10 CVE-2019-0040 Information Exposure vulnerability in Juniper Junos
On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI).
network
low complexity
juniper CWE-200
critical
9.1