Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2020-04-08 CVE-2020-1616 Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper products
Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit.
network
low complexity
juniper CWE-307
5.3
2020-04-08 CVE-2020-1615 Use of Hard-coded Credentials vulnerability in Juniper Junos
The factory configuration for vMX installations, as shipped, includes default credentials for the root account.
network
low complexity
juniper CWE-798
critical
9.8
2020-04-08 CVE-2020-1614 Use of Hard-coded Credentials vulnerability in Juniper Junos
A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g.
network
low complexity
juniper CWE-798
critical
10.0
2020-04-08 CVE-2020-1613 Unspecified vulnerability in Juniper Junos
A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement.
network
low complexity
juniper
7.5
2020-03-06 CVE-2020-10188 Classic Buffer Overflow vulnerability in multiple products
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
9.8
2020-02-28 CVE-2015-5361 Inadequate Encryption Strength vulnerability in Juniper Junos
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel.
network
low complexity
juniper CWE-326
6.5
2020-02-28 CVE-2015-3006 Insufficient Entropy vulnerability in Juniper Junos
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates.
network
low complexity
juniper CWE-331
6.5
2020-02-11 CVE-2014-6447 Cross-site Scripting vulnerability in Juniper Junos
Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS).
network
low complexity
juniper CWE-79
7.1
2020-01-15 CVE-2014-6448 Improper Privilege Management vulnerability in Juniper Junos
Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.
local
low complexity
juniper CWE-269
7.8
2020-01-15 CVE-2020-1611 Unspecified vulnerability in Juniper Junos Space
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.
network
low complexity
juniper
6.5