
Juniper Networks Junos OS vulnerabilities

652 known vulnerabilities affecting juniper_networks/junos_os.

Total CVEs: 652
CISA KEV: 7 actively exploited
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 348, MEDIUM 270

Vulnerabilities

Page 8 of 33
CVE-2024-30392 | HIGH | CVSS 8.7 | fixed in 21.2R3-S6; ≥ 21.3, < 21.3R3-S5; +5 more | 2024-04-12
CWE-121: A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will cra
nvd
CVE-2024-30394 | HIGH | CVSS 8.7 | fixed in 21.2R3-S7; ≥ 21.4, < 21.4R3-S5; +5 more | 2024-04-12
CWE-121: A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received vi
nvd
CVE-2024-30395 | HIGH | CVSS 8.7 | fixed in 21.2R3-S7; ≥ 21.3, < 21.3R3-S5; +6 more | 2024-04-12
CWE-1287: An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed
nvd
CVE-2024-21609 | HIGH | CVSS 7.1 | fixed in 20.4R3-S9; ≥ 21.2, < 21.2R3-S7; +7 more | 2024-04-12
CWE-401: A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, rem
nvd
CVE-2024-21598 | HIGH | CVSS 8.7 | ≥ 20.4, < 20.4R3-S9; ≥ 21.2, < 21.2R3-S7; +7 more | 2024-04-12
CWE-1286: An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute
nvd
CVE-2024-30397 | HIGH | CVSS 8.7 | fixed in 20.4R3-S10; ≥ 21.2, < 21.2R3-S7; +6 more | 2024-04-12
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and b
nvd
CVE-2024-30387 | HIGH | CVSS 7.1 | fixed in 20.4R3-S9; ≥ 21.2, < 21.2R3-S5; +6 more | 2024-04-12
CWE-820: A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads
nvd
CVE-2024-30401 | HIGH | CVSS 8.2 | ≥ 21.2, < 21.2R3-S1; ≥ 21.4, < 21.4R3; +2 more | 2024-04-12
CWE-125: An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface
nvd
CVE-2024-30402 | HIGH | CVSS 8.2 | ≥ 20.4, < 20.4R3-S10; ≥ 21.2, < 21.2R3-S7; +6 more | 2024-04-12
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, t
nvd
CVE-2024-30405 | HIGH | CVSS 8.7 | fixed in 21.2R3-S7; ≥ 21.4, < 21.4R3-S6; +5 more | 2024-04-12
CWE-131: An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service co
nvd
CVE-2024-21618 | HIGH | CVSS 7.1 | ≥ 21.4, < 21.4R3-S4; ≥ 22.1, < 22.1R3-S4; +4 more | 2024-04-12
CWE-788: An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LL
nvd
CVE-2024-30398 | HIGH | CVSS 8.7 | ≥ 21.2, < 21.2R3-S7; ≥ 21.4, < 21.4R3-S6; +5 more | 2024-04-12
CWE-119: An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet han
nvd
CVE-2024-30388 | HIGH | CVSS 7.1 | ≥ 20.4R3-S4, < 20.4R3-S8; ≥ 21.2R3-S2, < 21.2R3-S6; +5 more | 2024-04-12
CWE-653: An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series devic
nvd
CVE-2024-30386 | HIGH | CVSS 7.1 | fixed in 20.4R3-S8; ≥ 21.2, < 21.2R3-S6; +6 more | 2024-04-12
CWE-416: A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order o
nvd
CVE-2024-21593 | HIGH | CVSS 7.1 | ≥ 21.4R3, < 21.4R3-S5; ≥ 22.2R2, < 22.2R3-S2; +4 more | 2024-04-12
CWE-703: An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE
nvd
CVE-2024-30384 | MEDIUM | CVSS 6.8 | fixed in 20.4R3-S10; ≥ 21.2, < 21.2R3-S7; +1 more | 2024-04-12
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to b
nvd
CVE-2024-30391 | MEDIUM | CVSS 6.3 | fixed in 20.4R3-S7; ≥ 21.1, < 21.1R3; +2 more | 2024-04-12
CWE-306: A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm
nvd
CVE-2024-30389 | MEDIUM | CVSS 6.9 | ≥ 21.4, < 21.4R3-S6 | 2024-04-12
CWE-696: An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets b
nvd
CVE-2024-21610 | MEDIUM | CVSS 5.3 | fixed in 20.4R3-S9; ≥ 21.2, < 21.2R3-S7; +7 more | 2024-04-12
CWE-755: An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled CoS scenario with 1000s of interfaces, when specific low privileged commands, received over NETCON
nvd
CVE-2024-30409 | MEDIUM | CVSS 6.9 | ≥ 22.1, < 22.1R1-S2, 22.1R2 | 2024-04-12
CWE-754: An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service. This issue affects Juniper Networks Junos O
nvd