Juniper Networks Junos Os vulnerabilities

CVE-2025-21597 [MEDIUM] CWE-754 CVE-2025-21597: An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rp An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, a

CVE-2025-30653 [MEDIUM] CWE-825 CVE-2025-30653: An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Ju An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-clas

CVE-2025-30654 [MEDIUM] CWE-200 CVE-2025-30654: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (U An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific show mgd command, a user with limited permissions

CVE-2025-30655 [MEDIUM] CWE-754 CVE-2025-30655: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific "show bgp neighbor" CLI command is run, the rpd cpu utilization rises and eventually causes a crash a

CVE-2025-30657 [MEDIUM] CWE-116 CVE-2025-30657: An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing

CVE-2025-30652 [MEDIUM] CWE-755 CVE-2025-30652: An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Jun An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS). When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd

CVE-2025-21590 [MEDIUM] CWE-653 CVE-2025-21590: An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos

CVE-2025-21598 [HIGH] CWE-125 CVE-2025-21598: An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing prot An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: Junos OS: * from 21.2R3-S8 before 21.2R3-S9, * from 2

CVE-2025-21602 [HIGH] CWE-755 CVE-2025-21602: An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet

CVE-2025-21593 [HIGH] CWE-664 CVE-2025-21593: An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet whi

CVE-2025-21592 [MEDIUM] CWE-200 CVE-2025-21592: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line inte An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through the execution of either 'show services advanced-anti-m

CVE-2025-21596 [MEDIUM] CWE-755 CVE-2025-21596: An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Junip An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show chassis environment pem' command to cause the chassis daemon (chassisd) to crash and restart, resulting in a tempor

CVE-2024-47506 [HIGH] CWE-833 CVE-2024-47506: A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX S A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart. Whether the crash occurs

CVE-2024-47503 [HIGH] CWE-754 CVE-2024-47503: An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Denial-of-Service (DoS). If in a multicast scenario a sequence of specific PIM packets is received, this will cause

CVE-2024-47497 [HIGH] CWE-400 CVE-2024-47497: An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Ju An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes th

CVE-2024-47491 [HIGH] CWE-755 CVE-2024-47491: An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. C

CVE-2024-47494 [HIGH] CWE-367 CVE-2024-47494: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper N A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an

CVE-2024-39526 [HIGH] CWE-755 CVE-2024-39526: An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Network An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to s

CVE-2024-47493 [HIGH] CWE-401 CVE-2024-47493: A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine ( A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In case of channelized Modular Interface Cards (MICs), every physical interface flap

CVE-2024-47499 [HIGH] CWE-754 CVE-2024-47499: An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving