Juniper Networks Junos Os vulnerabilities
659 known vulnerabilities affecting juniper_networks/junos_os.
Total CVEs
659
CISA KEV
7
actively exploited
Public exploits
6
Exploited in wild
6
Severity breakdown
CRITICAL34HIGH352MEDIUM273
Vulnerabilities
Page 11 of 33
CVE-2023-44201MEDIUMCVSS 5.5fixed in 20.4R3-S4≥ 21.1, < 21.1R3-S4+3 more2023-10-13
CVE-2023-44201 [MEDIUM] CWE-732 CVE-2023-44201:
An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Junipe
An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions.
When a user with the respective permissions commits a configuration change, a specific file is created. That f
cvelistv5nvd
CVE-2023-44183MEDIUMCVSS 5.3≥ 18.4R2, < 18.4*≥ 20.4, < 20.4R3-S8+8 more2023-10-13
CVE-2023-44183 [MEDIUM] CWE-20 CVE-2023-44183:
An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper N
An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational condit
cvelistv5nvd
CVE-2023-44184MEDIUMCVSS 6.5fixed in 20.4R3-S7≥ 21.1, < 21.1R1+7 more2023-10-13
CVE-2023-44184 [MEDIUM] CWE-119 CVE-2023-44184:
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the man
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane.
T
cvelistv5nvd
CVE-2023-44176MEDIUMCVSS 5.5fixed in 20.4R3-S8≥ 21.2, < 21.2R3-S6+4 more2023-10-13
CVE-2023-44176 [MEDIUM] CWE-121 CVE-2023-44176:
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS:
* All versions pri
cvelistv5nvd
CVE-2023-44178MEDIUMCVSS 5.5fixed in 19.1R3-S10≥ 19.2, < 19.2R3-S7+12 more2023-10-13
CVE-2023-44178 [MEDIUM] CWE-121 CVE-2023-44178:
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS
* All versions prio
cvelistv5nvd
CVE-2023-44175HIGHCVSS 7.5fixed in 20.4R3-S7≥ 21.1, < 21.1R3-S4+7 more2023-10-12
CVE-2023-44175 [HIGH] CWE-617 CVE-2023-44175:
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).
Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
Not
cvelistv5nvd
CVE-2023-36843HIGHCVSS 7.5fixed in 20.4R3-S8≥ 21.1R1, < 21.1*+7 more2023-10-12
CVE-2023-36843 [HIGH] CWE-168 CVE-2023-36843:
An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework
An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS).
Upon receiving malformed SSL traffic, the PFE crashes.
cvelistv5nvd
CVE-2023-36841HIGHCVSS 7.5fixed in 20.4R3-S7≥ 21.1R1, < 21.1*+7 more2023-10-12
CVE-2023-36841 [HIGH] CWE-400 CVE-2023-36841:
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engi
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS).
An attacker who sends malformed TCP traffic via an interface configured with PPPoE, cau
cvelistv5nvd
CVE-2023-36839MEDIUMCVSS 6.5fixed in 20.4R3-S8≥ 21.1R1, < 21.1*+7 more2023-10-12
CVE-2023-36839 [MEDIUM] CWE-1284 CVE-2023-36839:
An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocol
An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).
This issue occurs when specific LLDP packets are received and telemetry
cvelistv5nvd
CVE-2023-22392MEDIUMCVSS 6.5fixed in 20.4R3-S5≥ 21.1, < 21.1R3-S4+13 more2023-10-12
CVE-2023-22392 [MEDIUM] CWE-401 CVE-2023-22392:
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).
PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes.
cvelistv5nvd
CVE-2023-44186HIGHCVSS 7.5fixed in 20.4R3-S8≥ 21.1R1, < 21.1*+7 more2023-10-11
CVE-2023-44186 [HIGH] CWE-755 CVE-2023-44186:
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Netwo
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustaine
cvelistv5nvd
CVE-2023-44188MEDIUMCVSS 5.3≥ 20.4, < 20.4R3-S9≥ 21.1R1, < 21.1*+8 more2023-10-11
CVE-2023-44188 [MEDIUM] CWE-367 CVE-2023-44188:
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Junipe
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receip
cvelistv5nvd
CVE-2023-36851MEDIUMCVSS 5.3KEV≥ 21.2, < 21.2R3-S8≥ 21.4, < 21.4R3-S6+5 more2023-09-27
CVE-2023-36851 [MEDIUM] CWE-306 CVE-2023-36851: A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Ser
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to
webauth_operation.php
that doesn't require authentication, an attacker is able to upload and download arbitrary
cvelistv5nvd
CVE-2023-36845CRITICALCVSS 9.8KEVPoCfixed in 20.4R3-S9≥ 21.1, < 21.1*+8 more2023-08-17
CVE-2023-36845 [CRITICAL] CWE-473 CVE-2023-36845: A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Serie
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series
and SRX Series
allows an unauthenticated, network-based attacker to remotely execute code.
Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of
cvelistv5nvd
CVE-2023-36846MEDIUMCVSS 5.3KEVPoCfixed in 20.4R3-S8≥ 21.1, < 21.1*+7 more2023-08-17
CVE-2023-36846 [MEDIUM] CWE-306 CVE-2023-36846: A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Ser
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a
cvelistv5nvd
CVE-2023-36847MEDIUMCVSS 5.3KEVPoCfixed in 20.4R3-S8≥ 21.1, < 21.1*+7 more2023-08-17
CVE-2023-36847 [MEDIUM] CWE-306 CVE-2023-36847: A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Seri
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web,
cvelistv5nvd
CVE-2023-36844MEDIUMCVSS 5.3KEVPoCfixed in 20.4R3-S9≥ 21.1, < 21.1*+8 more2023-08-17
CVE-2023-36844 [MEDIUM] CWE-473 CVE-2023-36844: A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Serie
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.
Using a crafted request an attacker is able to modify
certain PHP environment variables leading to partial loss of integrity, which may allow ch
cvelistv5nvd
CVE-2023-36835HIGHCVSS 7.5≥ 20.3, < 20.3*≥ 20.4, < 20.4R3-S5+7 more2023-07-14
CVE-2023-36835 [HIGH] CWE-754 CVE-2023-36835: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engin
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service (DoS).
If a specific valid IP packet is received and that packet needs to be routed over a VXLAN tunnel, this will result in a PFE wedg
cvelistv5nvd
CVE-2023-36832HIGHCVSS 7.5≥ unspecified, < 19.1R3-S10≥ 19.2, < 19.2R3-S7+12 more2023-07-14
CVE-2023-36832 [HIGH] CWE-755 CVE-2023-36832: An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Network
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS).
cvelistv5nvd
CVE-2023-28985HIGHCVSS 7.5≥ unspecified, < SigPack 35982023-07-14
CVE-2023-28985 [HIGH] CWE-1286 CVE-2023-28985: An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Pr
An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition.
On all SRX Se
cvelistv5nvd