Vulnerabilities > Juniper

DATE CVE VULNERABILITY TITLE RISK
2018-07-11 CVE-2018-0027 Improper Input Validation vulnerability in Juniper Junos 16.1
Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash.
network
juniper CWE-20
4.3
2018-07-11 CVE-2018-0026 Unspecified vulnerability in Juniper Junos 15.1/15.1X8
After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect.
network
low complexity
juniper
5.0
2018-07-11 CVE-2018-0025 Unspecified vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors.
network
juniper
4.3
2018-07-11 CVE-2018-0024 Improper Privilege Management vulnerability in Juniper Junos
An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system.
local
low complexity
juniper CWE-269
7.2
2018-04-11 CVE-2018-0023 Incorrect Default Permissions vulnerability in Juniper Jsnapy
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github.
local
low complexity
juniper CWE-276
2.1
2018-04-11 CVE-2018-0022 Resource Exhaustion vulnerability in Juniper Junos
A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS packet.
network
low complexity
juniper CWE-400
7.8
2018-04-11 CVE-2018-0021 Unspecified vulnerability in Juniper Junos
If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0.
low complexity
juniper
3.3
2018-04-11 CVE-2018-0020 Improper Input Validation vulnerability in Juniper Junos
Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart.
network
low complexity
juniper CWE-20
7.8
2018-04-11 CVE-2018-0019 Improper Input Validation vulnerability in Juniper Junos
A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resulting in a denial of service condition (DoS) for the SNMP subsystem.
network
juniper CWE-20
4.3
2018-04-11 CVE-2018-0018 Information Exposure vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device.
network
juniper CWE-200
4.3