Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2021-10-19 CVE-2021-0297 Improper Handling of Exceptional Conditions vulnerability in Juniper Junos OS Evolved 20.3/20.4/21.1
A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled.
network
low complexity
juniper CWE-755
6.5
2021-10-19 CVE-2021-31349 Unspecified vulnerability in Juniper 128 Technology Session Smart Router Firmware
The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code.
network
low complexity
juniper
critical
9.8
2021-10-19 CVE-2021-31350 Improper Privilege Management vulnerability in Juniper Junos and Junos OS Evolved
An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system.
network
low complexity
juniper CWE-269
8.8
2021-10-19 CVE-2021-31354 Out-of-bounds Read vulnerability in Juniper Junos and Junos OS Evolved
An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE).
low complexity
juniper CWE-125
8.8
2021-10-19 CVE-2021-31355 Cross-site Scripting vulnerability in Juniper Junos
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2021-10-19 CVE-2021-31357 OS Command Injection vulnerability in Juniper Junos OS Evolved
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user.
local
low complexity
juniper CWE-78
7.8
2021-10-19 CVE-2021-31370 Unspecified vulnerability in Juniper Junos
An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped.
low complexity
juniper
6.5
2021-10-19 CVE-2021-31373 Cross-site Scripting vulnerability in Juniper Junos
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts.
network
low complexity
juniper CWE-79
5.4
2021-10-19 CVE-2021-31375 Unspecified vulnerability in Juniper Junos
An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed.
network
low complexity
juniper
5.3
2021-10-19 CVE-2021-31378 Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos
In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be forced into a "Terminating" state by an attacker who is able to send spoofed messages appearing to originate from trusted RADIUS server(s) destined to the device in response to the subscriber's request.
network
low complexity
juniper CWE-772
7.5