Vulnerabilities > Juniper > Junos > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-10 CVE-2019-0035 Insufficiently Protected Credentials vulnerability in Juniper Junos
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected.
low complexity
juniper CWE-522
6.8
2019-01-15 CVE-2019-0015 Insufficient Session Expiration vulnerability in Juniper Junos
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted.
network
low complexity
juniper CWE-613
5.4
2019-01-15 CVE-2019-0011 Unspecified vulnerability in Juniper Junos
The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address.
low complexity
juniper
6.5
2019-01-15 CVE-2019-0009 Unspecified vulnerability in Juniper Junos 15.1X53/18.1/18.2
On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE).
local
low complexity
juniper
5.5
2019-01-15 CVE-2019-0005 Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos
On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers.
network
low complexity
juniper CWE-770
5.3
2019-01-15 CVE-2019-0003 Reachable Assertion vulnerability in Juniper Junos
When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated.
network
high complexity
juniper CWE-617
5.9
2018-10-10 CVE-2018-0063 Resource Exhaustion vulnerability in Juniper Junos 17.3
A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces (IRIs) next-hop limit.
low complexity
juniper CWE-400
6.5
2018-10-10 CVE-2018-0061 Resource Exhaustion vulnerability in Juniper Junos
A denial of service vulnerability in the telnetd service on Junos OS allows remote unauthenticated users to cause high CPU usage which may affect system performance.
network
low complexity
juniper CWE-400
5.3
2018-10-10 CVE-2018-0060 Improper Input Validation vulnerability in Juniper Junos
An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself.
network
high complexity
juniper CWE-20
5.9
2018-10-10 CVE-2018-0056 Improper Input Validation vulnerability in Juniper Junos
If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces.
high complexity
juniper CWE-20
5.3