Juniper Junos vulnerabilities

CVE-2020-1643 [MEDIUM] CWE-755 CVE-2020-1643: Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a J Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local att

CVE-2020-7656 [MEDIUM] CWE-79 CVE-2020-7656: jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed.

CVE-2020-1631 [CRITICAL] CWE-22 CVE-2020-1631: A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Fir A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into

CVE-2020-1632 [HIGH] CWE-755 CVE-2020-1632: In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. For example, Router A sends a specific BGP UPDATE to

CVE-2020-1633 [MEDIUM] CWE-20 CVE-2020-1633: Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packet Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition. This issu

CVE-2020-1615 [CRITICAL] CWE-798 CVE-2020-1615: The factory configuration for vMX installations, as shipped, includes default credentials for the ro The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior

CVE-2020-1614 [CRITICAL] CWE-798 CVE-2020-1614: A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Netwo A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX25

CVE-2020-1617 [HIGH] CWE-665 CVE-2020-1617: This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Inte This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). Devices using AFI and AFT are not exploitable to this issue. An improper initialization of memory in the packet forwarding architecture in Juniper Networks Junos OS non-AFI/AFT platforms which may lead to a

CVE-2020-1638 [HIGH] CWE-467 CVE-2020-1638: The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart af The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will

CVE-2020-1639 [HIGH] CWE-703 CVE-2020-1639: When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ether When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial

CVE-2020-1627 [HIGH] CVE-2020-1627: A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending the same specific packets, an attacker can repeatedly crash the

CVE-2020-1613 [HIGH] CWE-710 CVE-2020-1613: A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to t A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement.

CVE-2020-1634 [HIGH] CWE-190 CVE-2020-1634: On High-End SRX Series devices, in specific configurations and when specific networking events or op On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue affects: Juniper Networks Junos OS 12.3X48 version 12.3

CVE-2020-1619 [MEDIUM] CWE-20 CVE-2020-1619: A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, an A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series

CVE-2020-1625 [MEDIUM] CWE-400 CVE-2020-1625: The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increa The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Usage of

CVE-2020-1628 [MEDIUM] CWE-200 CVE-2020-1628: Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue

CVE-2020-1618 [MEDIUM] CWE-288 CVE-2020-1618: On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user conne On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the

CVE-2020-1629 [MEDIUM] CWE-366 CVE-2020-1629: A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol da A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 ve

CVE-2020-1637 [MEDIUM] CWE-288 CVE-2020-1637: A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may a A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Wo

CVE-2020-1630 [MEDIUM] CWE-264 CVE-2020-1630: A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routi A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This issue does not affect Junos OS device with single RE