Vulnerabilities > Juniper > Junos > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-13 CVE-2016-4922 Command Injection vulnerability in Juniper Junos
Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system.
local
low complexity
juniper CWE-77
7.8
2017-10-13 CVE-2016-4921 Resource Management Errors vulnerability in Juniper Junos
By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic.
network
low complexity
juniper CWE-399
7.5
2017-10-13 CVE-2016-1261 Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS).
network
low complexity
juniper CWE-352
8.8
2017-07-17 CVE-2017-2349 Command Injection vulnerability in Juniper Junos
A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges.
network
low complexity
juniper CWE-77
8.8
2017-07-17 CVE-2017-2348 Resource Exhaustion vulnerability in Juniper Junos
The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet.
network
low complexity
juniper CWE-400
7.5
2017-07-17 CVE-2017-2347 Improper Input Validation vulnerability in Juniper Junos
A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured.
network
low complexity
juniper CWE-20
7.5
2017-07-17 CVE-2017-2344 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos
A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow.
local
low complexity
juniper CWE-119
7.8
2017-07-17 CVE-2017-2342 Unspecified vulnerability in Juniper Junos 15.1X49
MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established.
low complexity
juniper
8.1
2017-07-17 CVE-2017-2341 Improper Authentication vulnerability in Juniper Junos
An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges.
local
low complexity
juniper CWE-287
8.8
2017-07-17 CVE-2017-2314 Improper Input Validation vulnerability in Juniper Junos
Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart.
network
low complexity
juniper CWE-20
7.5