Vulnerabilities > Juniper > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-2340 Improper Input Validation vulnerability in Juniper Junos 15.1/16.1
On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash.
network
low complexity
juniper CWE-20
5.3
2017-04-24 CVE-2017-2333 Resource Exhaustion vulnerability in Juniper Northstar Controller 2.1.0
A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server.
network
low complexity
juniper CWE-400
6.5
2017-04-24 CVE-2017-2330 Excessive Iteration vulnerability in Juniper Northstar Controller 2.1.0
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted.
local
low complexity
juniper CWE-834
6.2
2017-04-24 CVE-2017-2329 Improper Authentication vulnerability in Juniper Northstar Controller 2.1.0
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services.
local
low complexity
juniper CWE-287
6.2
2017-04-24 CVE-2017-2328 Information Exposure vulnerability in Juniper Northstar Controller 2.1.0
An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller.
local
low complexity
juniper CWE-200
5.5
2017-04-24 CVE-2017-2327 Resource Exhaustion vulnerability in Juniper Northstar Controller 2.1.0
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services.
local
low complexity
juniper CWE-400
5.5
2017-04-24 CVE-2017-2326 Information Exposure vulnerability in Juniper Northstar Controller 2.1.0
An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis.
network
low complexity
juniper CWE-200
6.5
2017-04-24 CVE-2017-2325 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Northstar Controller 2.1.0
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
network
low complexity
juniper CWE-119
6.5
2017-04-24 CVE-2017-2324 Command Injection vulnerability in Juniper Northstar Controller 2.1.0
A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition.
network
low complexity
juniper CWE-77
5.3
2017-04-24 CVE-2017-2318 Information Exposure vulnerability in Juniper Northstar Controller 2.1.0
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges.
network
low complexity
juniper CWE-200
6.5