Vulnerabilities > Juniper > Junos > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-2341 Improper Authentication vulnerability in Juniper Junos
An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges.
local
low complexity
juniper CWE-287
8.8
2017-07-17 CVE-2017-2314 Improper Input Validation vulnerability in Juniper Junos
Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart.
network
low complexity
juniper CWE-20
7.5
2017-07-17 CVE-2017-10605 Improper Input Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s).
network
low complexity
juniper CWE-20
7.5
2017-07-17 CVE-2017-10603 XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos 15.1/15.1X53
An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user.
local
low complexity
juniper CWE-91
7.8
2017-07-17 CVE-2017-10602 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos
A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges.
local
low complexity
juniper CWE-119
7.8
2017-05-30 CVE-2017-2304 Information Exposure vulnerability in Juniper Junos 14.1X53/15.1/15.1X53
Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets.
network
low complexity
juniper CWE-200
7.5
2017-05-30 CVE-2017-2303 Unspecified vulnerability in Juniper Junos
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition.
network
low complexity
juniper
7.5
2017-05-30 CVE-2017-2302 Unspecified vulnerability in Juniper Junos
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart.
network
low complexity
juniper
7.5
2017-05-30 CVE-2017-2301 Unspecified vulnerability in Juniper Junos
On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts.
network
low complexity
juniper
7.5
2017-05-30 CVE-2017-2300 Unspecified vulnerability in Juniper Junos
On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets.
network
low complexity
juniper
7.5