Vulnerabilities > Juniper > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-22229 | Cross-site Scripting vulnerability in Juniper Paragon Active Assurance Control Center An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infect any other authorized user's account when they accidentally trigger the malicious script(s) while managing the device. | 8.4 |
| 2022-10-18 | CVE-2022-22231 | Unchecked Return Value vulnerability in Juniper Junos 21.4 An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). | 7.5 |
| 2022-10-18 | CVE-2022-22232 | NULL Pointer Dereference vulnerability in Juniper Junos 21.4/22.1 A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). | 7.5 |
| 2022-10-18 | CVE-2022-22235 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service (DoS). | 7.5 |
| 2022-10-18 | CVE-2022-22236 | Access of Uninitialized Pointer vulnerability in Juniper Junos An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). | 7.5 |
| 2022-10-18 | CVE-2022-22239 | Improper Privilege Management vulnerability in Juniper Junos OS Evolved An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. | 8.8 |
| 2022-10-18 | CVE-2022-22246 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Juniper Junos A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. | 8.8 |
| 2022-10-18 | CVE-2022-22247 | Improper Input Validation vulnerability in Juniper Junos OS Evolved 21.3/21.4/22.1 An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition. | 7.5 |
| 2022-10-18 | CVE-2022-22248 | Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Junos OS Evolved An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. | 7.3 |
| 2022-10-18 | CVE-2022-22251 | Insufficiently Protected Credentials vulnerability in Juniper Junos On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. | 7.8 |