Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2021-04-22 CVE-2021-0252 Command Injection vulnerability in Juniper Junos
NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process.
local
low complexity
juniper CWE-77
7.8
2021-04-22 CVE-2021-0251 NULL Pointer Dereference vulnerability in Juniper Junos
A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to login, while concurrently impacting other mspmand services and traffic through the device.
network
low complexity
juniper CWE-476
8.6
2021-04-22 CVE-2021-0250 Unspecified vulnerability in Juniper Junos
In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition.
network
low complexity
juniper
7.5
2021-04-22 CVE-2021-0249 Classic Buffer Overflow vulnerability in Juniper Junos
On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device.
network
low complexity
juniper CWE-120
critical
9.8
2021-04-22 CVE-2021-0248 Use of Hard-coded Credentials vulnerability in Juniper Junos
This issue is not applicable to NFX NextGen Software.
network
low complexity
juniper CWE-798
critical
10.0
2021-04-22 CVE-2021-0247 Race Condition vulnerability in Juniper Junos
A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device.
network
high complexity
juniper CWE-362
5.5
2021-04-22 CVE-2021-0246 Incorrect Default Permissions vulnerability in Juniper Junos 18.3/18.4/19.1
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider.
local
low complexity
juniper CWE-276
7.3
2021-04-22 CVE-2021-0245 Use of Hard-coded Credentials vulnerability in Juniper Junos
A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device.
local
low complexity
juniper CWE-798
7.8
2021-04-22 CVE-2021-0244 Race Condition vulnerability in Juniper Junos
A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices.
network
low complexity
juniper CWE-362
7.4
2021-04-22 CVE-2021-0243 Unspecified vulnerability in Juniper Junos
Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition.
low complexity
juniper
4.7