Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2020-1609 OS Command Injection vulnerability in Juniper Junos
When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device.
low complexity
juniper CWE-78
8.8
2020-01-15 CVE-2020-1608 Unspecified vulnerability in Juniper Junos
Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot.
network
low complexity
juniper
7.5
2020-01-15 CVE-2020-1607 Cross-site Scripting vulnerability in Juniper Junos
Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user.
network
low complexity
juniper CWE-79
6.1
2020-01-15 CVE-2020-1606 Path Traversal vulnerability in Juniper Junos
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission.
network
low complexity
juniper CWE-22
8.1
2020-01-15 CVE-2020-1605 OS Command Injection vulnerability in Juniper Junos
When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device.
low complexity
juniper CWE-78
8.8
2020-01-15 CVE-2020-1604 Unspecified vulnerability in Juniper Junos
On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail.
network
low complexity
juniper
5.3
2020-01-15 CVE-2020-1603 Memory Leak vulnerability in Juniper Junos
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled.
network
low complexity
juniper CWE-401
8.6
2020-01-15 CVE-2020-1602 OS Command Injection vulnerability in Juniper Junos
When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process.
low complexity
juniper CWE-78
8.8
2020-01-15 CVE-2020-1601 Unspecified vulnerability in Juniper Junos
Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS).
network
low complexity
juniper
7.5
2020-01-15 CVE-2020-1600 Infinite Loop vulnerability in Juniper Junos
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition.
network
low complexity
juniper CWE-835
6.5