Vulnerabilities > Juniper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-22 | CVE-2021-0250 | Unspecified vulnerability in Juniper Junos In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. | 5.0 |
| 2021-04-22 | CVE-2021-0247 | Race Condition vulnerability in Juniper Junos 14.1X53/15.1X53 A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. | 6.8 |
| 2021-04-22 | CVE-2021-0246 | Incorrect Default Permissions vulnerability in Juniper Junos 18.3/18.4/19.1 On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. | 4.6 |
| 2021-04-22 | CVE-2021-0244 | Race Condition vulnerability in Juniper Junos 14.1X53/15.1 A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices. | 4.3 |
| 2021-04-22 | CVE-2021-0242 | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. | 6.1 |
| 2021-04-22 | CVE-2021-0239 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved 20.4 In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. | 6.1 |
| 2021-04-22 | CVE-2021-0236 | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). | 6.8 |
| 2021-04-22 | CVE-2021-0235 | Incorrect Default Permissions vulnerability in Juniper Junos On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. | 4.6 |
| 2021-04-22 | CVE-2021-0234 | Improper Initialization vulnerability in Juniper Junos 17.3/17.4/18.1 Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. | 5.0 |
| 2021-04-22 | CVE-2021-0233 | Unspecified vulnerability in Juniper Junos 17.4 A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. | 5.0 |