Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2018-10-10 CVE-2018-0059 Cross-site Scripting vulnerability in Juniper Netscreen Screenos
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
2018-10-10 CVE-2018-0058 Improper Input Validation vulnerability in Juniper Junos
Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot.
network
low complexity
juniper CWE-20
7.5
2018-10-10 CVE-2018-0057 Unspecified vulnerability in Juniper Junos
On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile.
network
low complexity
juniper
critical
9.6
2018-10-10 CVE-2018-0056 Improper Input Validation vulnerability in Juniper Junos
If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces.
high complexity
juniper CWE-20
5.3
2018-10-10 CVE-2018-0055 Improper Input Validation vulnerability in Juniper Junos
Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may result in a jdhcpd daemon crash.
high complexity
juniper CWE-20
5.3
2018-10-10 CVE-2018-0054 Resource Exhaustion vulnerability in Juniper Junos
On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps.
low complexity
juniper CWE-400
6.5
2018-10-10 CVE-2018-0053 Improper Authentication vulnerability in Juniper Junos 15.1X49
An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the system is initially booted up.
low complexity
juniper CWE-287
6.8
2018-10-10 CVE-2018-0052 Improper Authentication vulnerability in Juniper Junos
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device.
network
high complexity
juniper CWE-287
8.1
2018-10-10 CVE-2018-0051 Improper Input Validation vulnerability in Juniper Junos
A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process.
network
high complexity
juniper CWE-20
5.9
2018-10-10 CVE-2018-0050 Improper Input Validation vulnerability in Juniper Junos 14.1/14.1X53/14.2
An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash.
network
high complexity
juniper CWE-20
5.9