Vulnerabilities > Juniper > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2023-04-17 | CVE-2023-28962 | Unrestricted Upload of File with Dangerous Type vulnerability in Juniper Junos | An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS, allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. | network | low complexity | juniper | CWE-434 | critical | 9.8 |
| 2022-10-18 | CVE-2022-22241 | Deserialization of Untrusted Data vulnerability in Juniper Junos | An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. | network | low complexity | juniper | CWE-502 | critical | 9.8 |
| 2021-10-19 | CVE-2021-31349 | Unspecified vulnerability in Juniper 128 Technology Session Smart Router Firmware | The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. | network | low complexity | juniper | | critical | 9.8 |
| 2021-10-19 | CVE-2021-31350 | Improper Privilege Management vulnerability in Juniper Junos | An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system. | network | low complexity | juniper | CWE-269 | critical | 9.0 |
| 2021-10-19 | CVE-2021-31372 | Improper Input Validation vulnerability in Juniper Junos | An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. | network | low complexity | juniper | CWE-20 | critical | 9.0 |
| 2021-04-22 | CVE-2021-0275 | Cross-site Scripting vulnerability in Juniper Junos | A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session, thereby gaining access to the user's session. | network | | juniper | CWE-79 | critical | 9.3 |
| 2021-04-22 | CVE-2021-0265 | OS Command Injection vulnerability in Juniper Appformix | An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. | network | low complexity | juniper | CWE-78 | critical | 10.0 |
| 2021-04-22 | CVE-2021-0249 | Classic Buffer Overflow vulnerability in Juniper Junos 15.1X49/17.4 | On SRX Series devices configured with UTM services, a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device. | network | low complexity | juniper | CWE-120 | critical | 10.0 |
| 2020-05-04 | CVE-2020-1631 | Path Traversal vulnerability in Juniper Junos | A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. | network | low complexity | juniper | CWE-22 | critical | 9.8 |
| 2020-04-08 | CVE-2020-1615 | Use of Hard-coded Credentials vulnerability in Juniper Junos | The factory configuration for vMX installations, as shipped, includes default credentials for the root account. | network | low complexity | juniper | CWE-798 | critical | 10.0 |