Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2018-01-10 CVE-2018-0009 Unspecified vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic.
network
high complexity
juniper
5.9
2018-01-10 CVE-2018-0008 Improper Authentication vulnerability in Juniper Junos
An unauthenticated root login may allow upon reboot when a commit script is used.
low complexity
juniper CWE-287
6.2
2018-01-10 CVE-2018-0007 Command Injection vulnerability in Juniper Junos
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service.
network
low complexity
juniper CWE-77
critical
9.8
2018-01-10 CVE-2018-0006 Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos
A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition.
high complexity
juniper CWE-770
5.3
2018-01-10 CVE-2018-0005 Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos 14.1X53/15.1/15.1X53
QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic.
low complexity
juniper CWE-754
8.8
2018-01-10 CVE-2018-0004 Resource Exhaustion vulnerability in Juniper Junos
A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device.
network
low complexity
juniper CWE-400
6.5
2018-01-10 CVE-2018-0003 Unspecified vulnerability in Juniper Junos
A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory.
low complexity
juniper
6.5
2018-01-10 CVE-2018-0002 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash.
network
high complexity
juniper CWE-119
5.9
2018-01-10 CVE-2018-0001 Use After Free vulnerability in Juniper Junos
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process.
network
low complexity
juniper CWE-416
critical
9.8
2017-10-13 CVE-2017-10624 Insufficient Verification of Data Authenticity vulnerability in Juniper Junos Space
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes.
network
high complexity
juniper CWE-345
7.5