Vulnerabilities > Juniper > Junos > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-11 CVE-2018-0022 Resource Exhaustion vulnerability in Juniper Junos
A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS packet.
network
low complexity
juniper CWE-400
7.5
2018-04-11 CVE-2018-0021 Unspecified vulnerability in Juniper Junos
If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0.
low complexity
juniper
8.8
2018-04-11 CVE-2018-0020 Improper Input Validation vulnerability in Juniper Junos
Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart.
network
low complexity
juniper CWE-20
7.5
2018-04-11 CVE-2018-0016 Unspecified vulnerability in Juniper Junos
Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution.
network
high complexity
juniper
7.5
2018-01-10 CVE-2018-0005 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos 14.1X53/15.1/15.1X53
QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic.
low complexity
juniper CWE-754
8.8
2017-10-13 CVE-2017-10620 Improper Certificate Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates.
network
high complexity
juniper CWE-295
7.4
2017-10-13 CVE-2017-10619 Unspecified vulnerability in Juniper Junos 12.3X48/15.1X49
When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster configuration mode, certain multicast packets might cause the flowd process to crash, halting or interrupting traffic from flowing through the device and triggering RG1+ (data-plane) fail-over to the secondary node.
network
low complexity
juniper
7.5
2017-10-13 CVE-2017-10614 Resource Exhaustion vulnerability in Juniper Junos
A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack.
network
low complexity
juniper CWE-400
7.5
2017-10-13 CVE-2017-10608 Resource Exhaustion vulnerability in Juniper Junos
Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs.
network
low complexity
juniper CWE-400
7.5
2017-10-13 CVE-2017-10607 Unspecified vulnerability in Juniper Junos 16.1
Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the RPD routing process to crash and restart.
network
low complexity
juniper
7.5