Vulnerabilities > Juniper > Junos > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-13 CVE-2017-10613 Resource Exhaustion vulnerability in Juniper Junos
A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel.
local
low complexity
juniper CWE-400
5.5
2017-10-13 CVE-2017-10611 Unspecified vulnerability in Juniper Junos
If extended statistics are enabled via 'set chassis extended-statistics', when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart.
network
high complexity
juniper
5.9
2017-10-13 CVE-2017-10610 Improper Input Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash.
network
high complexity
juniper CWE-20
5.9
2017-10-13 CVE-2016-4924 Permission Issues vulnerability in Juniper Junos 14.1/15.1
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys.
local
low complexity
juniper CWE-275
5.5
2017-10-13 CVE-2016-4923 Cross-site Scripting vulnerability in Juniper Junos
Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device.
network
low complexity
juniper CWE-79
6.1
2017-07-17 CVE-2017-2346 Unspecified vulnerability in Juniper Junos
An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG).
network
high complexity
juniper
5.9
2017-07-17 CVE-2017-10604 Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account.
network
low complexity
juniper CWE-307
5.3
2017-04-24 CVE-2017-2340 Improper Input Validation vulnerability in Juniper Junos 15.1/16.1
On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash.
network
low complexity
juniper CWE-20
5.3
2017-04-24 CVE-2017-2312 Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos
On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process.
network
low complexity
juniper CWE-772
6.5
2017-03-15 CVE-2016-7103 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
6.1