Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2017-10-13 CVE-2017-10623 Improper Authentication vulnerability in Juniper Junos Space
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes.
network
high complexity
juniper CWE-287
8.1
2017-10-13 CVE-2017-10622 Improper Authentication vulnerability in Juniper Junos Space 16.1/17.1
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user.
network
low complexity
juniper CWE-287
critical
9.8
2017-10-13 CVE-2017-10621 Resource Exhaustion vulnerability in Juniper Junos
A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service.
network
low complexity
juniper CWE-400
5.3
2017-10-13 CVE-2017-10620 Improper Certificate Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates.
network
high complexity
juniper CWE-295
7.4
2017-10-13 CVE-2017-10619 Unspecified vulnerability in Juniper Junos 12.3X48/15.1X49
When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster configuration mode, certain multicast packets might cause the flowd process to crash, halting or interrupting traffic from flowing through the device and triggering RG1+ (data-plane) fail-over to the secondary node.
network
low complexity
juniper
7.5
2017-10-13 CVE-2017-10618 Unspecified vulnerability in Juniper Junos
When the 'bgp-error-tolerance' feature â€" designed to help mitigate remote session resets from malformed path attributes â€" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart.
network
high complexity
juniper
5.9
2017-10-13 CVE-2017-10615 Improper Input Validation vulnerability in Juniper Junos 14.1/14.1X53/14.2
A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM.
network
low complexity
juniper CWE-20
critical
9.8
2017-10-13 CVE-2017-10614 Resource Exhaustion vulnerability in Juniper Junos
A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack.
network
low complexity
juniper CWE-400
7.5
2017-10-13 CVE-2017-10613 Resource Exhaustion vulnerability in Juniper Junos
A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel.
local
low complexity
juniper CWE-400
5.5
2017-10-13 CVE-2017-10612 Cross-site Scripting vulnerability in Juniper Junos Space
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators.
network
low complexity
juniper CWE-79
8.0