Vulnerabilities > Juniper > Srx5600 > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-10 CVE-2019-0033 Resource Exhaustion vulnerability in Juniper Junos
A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS).
network
low complexity
juniper CWE-400
5.0
2019-01-15 CVE-2019-0010 Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic.
network
low complexity
juniper CWE-770
5.0
2019-01-15 CVE-2019-0003 Improper Input Validation vulnerability in Juniper Junos
When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated.
network
juniper CWE-20
4.3
2018-07-11 CVE-2018-0025 Unspecified vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors.
network
juniper
4.3
2018-04-11 CVE-2018-0018 Information Exposure vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device.
network
juniper CWE-200
4.3
2018-01-10 CVE-2018-0009 Unspecified vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic.
network
juniper
4.3
2018-01-10 CVE-2018-0002 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash.
network
juniper CWE-119
4.3
2017-10-13 CVE-2017-10620 Improper Certificate Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates.
network
juniper CWE-295
5.8
2017-10-13 CVE-2017-10619 Unspecified vulnerability in Juniper Junos 12.3X48/15.1X49
When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster configuration mode, certain multicast packets might cause the flowd process to crash, halting or interrupting traffic from flowing through the device and triggering RG1+ (data-plane) fail-over to the secondary node.
network
low complexity
juniper
5.0
2017-10-13 CVE-2017-10608 Resource Exhaustion vulnerability in Juniper Junos
Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs.
network
low complexity
juniper CWE-400
5.0