Juniper Junos vulnerabilities

CVE-2017-10615 [CRITICAL] CWE-20 CVE-2017-10615: A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior

CVE-2017-10620 [HIGH] CWE-295 CVE-2017-10620: Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before do Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X

CVE-2016-4922 [HIGH] CWE-77 CVE-2016-4922: Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a w Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Jun

CVE-2016-4921 [HIGH] CWE-399 CVE-2016-4921: By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all avai By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destin

CVE-2017-10614 [HIGH] CWE-400 CVE-2017-10614: A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory an A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14

CVE-2017-10608 [HIGH] CWE-400 CVE-2017-10608: Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash wh Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target. Repeated traffic in a cluster may cause repeated flip-fl

CVE-2016-1261 [HIGH] CWE-352 CVE-2016-1261: J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or c J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS).

CVE-2017-10607 [HIGH] CVE-2017-10607: Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the r Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this issue can only be triggered by a packet sent directly to the IP

CVE-2017-10619 [HIGH] CVE-2017-10619: When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster configuration mode, certain multicast packets might cause the flowd process to crash, halting or interrupting traffic from flowing through the device and triggering RG1+ (data-plane) fail-o

CVE-2017-10613 [MEDIUM] CWE-400 CVE-2017-10613: A vulnerability in a specific loopback filter action command, processed in a specific logical order A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper N

CVE-2017-10610 [MEDIUM] CWE-20 CVE-2017-10610: On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause t On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitutes an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured. Affected releases are Juniper Networks Junos OS 12.1X46 prior

CVE-2016-4923 [MEDIUM] CWE-79 CVE-2016-4923: Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may pot Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of

CVE-2017-10618 [MEDIUM] CVE-2017-10618: When the 'bgp-error-tolerance' feature â€" designed to help mitigate remote session resets When the 'bgp-error-tolerance' feature â€" designed to help mitigate remote session resets from malformed path attributes â€" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have 'bgp-error-tolerance' configured are not vulner

CVE-2016-4924 [MEDIUM] CWE-275 CVE-2016-4924: An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivile An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious

CVE-2017-10621 [MEDIUM] CWE-400 CVE-2017-10621: A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unau A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D50; 14.1 prior to 14.1R8-S5, 14.1R9; 14.1X53 prior to 14.1X53-D50; 14.2 prior to 14.2R7-S9, 14.2R8; 15.1 prior

CVE-2017-10611 [MEDIUM] CVE-2017-10611: If extended statistics are enabled via 'set chassis extended-statistics', when executing any operati If extended statistics are enabled via 'set chassis extended-statistics', when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart. Repeated crashes of PFE processing can result in an extended denial of service condition. This issue only affects the foll

CVE-2017-2345 [CRITICAL] CWE-20 CVE-2017-2345: On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way

CVE-2017-2343 [CRITICAL] CWE-798 CVE-2017-2343: The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which

CVE-2017-10601 [CRITICAL] CWE-287 CVE-2017-10601: A specific device configuration can result in a commit failure condition. When this occurs, a user i A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted

CVE-2017-10605 [HIGH] CWE-20 CVE-2017-10605: On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted pac On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended denial of service condition for the device(s). If the device is configured in