CVSS: 8.8EPSS: 0%CPEs: 193EXPL: 0CVE-2024-21620 – Junos OS: SRX Series and EX Series: J-Web doesn't sufficiently sanitize input to prevent XSS
https://notcve.org/view.php?id=CVE-2024-21620
25 Jan 2024 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series... • https://supportportal.juniper.net/JSA76390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 200EXPL: 0CVE-2024-21619 – Junos OS: SRX Series and EX Series: J-Web - unauthenticated access to temporary files containing sensitive information
https://notcve.org/view.php?id=CVE-2024-21619
25 Jan 2024 — A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such ... • https://supportportal.juniper.net/JSA76390 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 93EXPL: 0CVE-2023-44203 – Junos OS: QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: Packet flooding will occur when IGMP traffic is sent to an isolated VLAN
https://notcve.org/view.php?id=CVE-2023-44203
12 Oct 2023 — An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3... • https://supportportal.juniper.net/JSA73169 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 0CVE-2023-44191 – Junos OS: QFX5000 Series and EX4000 Series: Denial of Service (DoS) on a large scale VLAN due to PFE hogging
https://notcve.org/view.php?id=CVE-2023-44191
12 Oct 2023 — An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 ver... • https://supportportal.juniper.net/JSA73155 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 1%CPEs: 153EXPL: 0CVE-2023-36851 – Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
https://notcve.org/view.php?id=CVE-2023-36851
26 Sep 2023 — A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS o... • https://supportportal.juniper.net/JSA72300 • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 85%CPEs: 277EXPL: 23CVE-2023-36845 – Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-36845
17 Aug 2023 — A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions ... • https://packetstorm.news/files/id/176969 • CWE-473: PHP External Variable Modification •
CVSS: 5.3EPSS: 44%CPEs: 158EXPL: 6CVE-2023-36844 – Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-36844
17 Aug 2023 — A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * ... • https://packetstorm.news/files/id/174865 • CWE-473: PHP External Variable Modification •
CVSS: 5.3EPSS: 2%CPEs: 152EXPL: 1CVE-2023-36847 – Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
https://notcve.org/view.php?id=CVE-2023-36847
17 Aug 2023 — A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos ... • https://packetstorm.news/files/id/174397 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 184EXPL: 0CVE-2022-22234 – Junos OS: EX2300 and EX3400 Series: One of more SFPs might become unavailable when the system is very busy
https://notcve.org/view.php?id=CVE-2022-22234
18 Oct 2022 — An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy for example while executing a series of show commands on the CLI one or more SFPs might not be detected anymore. The system then changes its state to "unplugged" which is leading to traffic impact and at least a part... • https://kb.juniper.net/JSA69890 • CWE-1250: Improper Preservation of Consistency Between Independent Representations of Shared State •
CVSS: 7.8EPSS: 0%CPEs: 200EXPL: 0CVE-2022-22221 – Junos OS: SRX and EX Series: Local privilege escalation flaw in "download" functionality
https://notcve.org/view.php?id=CVE-2022-22221
20 Jul 2022 — An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show system download ..." commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 ve... • https://kb.juniper.net/JSA69725 •