CVSS: 9.8EPSS: 0%CPEs: 277EXPL: 0CVE-2020-1631 – Juniper Junos OS Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-1631
04 May 2020 — A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with 'world' readable permission file or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as u... • https://kb.juniper.net/JSA11021 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path •
CVSS: 7.5EPSS: 0%CPEs: 124EXPL: 0CVE-2020-1639 – Junos OS: A crafted Ethernet OAM packet received by Junos may cause the Ethernet OAM connectivity fault management process (CFM) to core.
https://notcve.org/view.php?id=CVE-2020-1639
08 Apr 2020 — When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects... • https://kb.juniper.net • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 142EXPL: 0CVE-2020-1637 – Junos OS: SRX Series: Unified Access Control (UAC) bypass vulnerability
https://notcve.org/view.php?id=CVE-2020-1637
08 Apr 2020 — A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X... • https://kb.juniper.net/JSA11018 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2020-1634 – Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset.
https://notcve.org/view.php?id=CVE-2020-1634
08 Apr 2020 — On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue affects: Juniper Networks Junos OS 12.3X48 version 12.3X48-D80 and later versions prior to 12.3X48-D95 on High-End SRX Series. This issue does not affect Branch SRX Series devices. • https://kb.juniper.net/JSA11014 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 288EXPL: 0CVE-2020-1630 – Junos OS: Privilege escalation vulnerability in dual REs, VC or HA cluster may allow unauthorized configuration change.
https://notcve.org/view.php?id=CVE-2020-1630
08 Apr 2020 — A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This issue does not affect Junos OS device with single RE or stand-alone configuration. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S14; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-... • https://kb.juniper.net/JSA11010 • CWE-264: Permissions, Privileges, and Access Controls CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.3EPSS: 0%CPEs: 222EXPL: 0CVE-2020-1628 – Junos OS: EX4300: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces
https://notcve.org/view.php?id=CVE-2020-1628
08 Apr 2020 — Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D53 on EX4300; 15.1 versions prior to 15.1R7-S6 on EX4300; 15.1X49 versions prior to 15.1... • https://kb.juniper.net/JSA11008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 218EXPL: 0CVE-2020-1618 – Junos OS: EX and QFX Series: Console port authentication bypass vulnerability
https://notcve.org/view.php?id=CVE-2020-1618
08 Apr 2020 — On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: ... • https://kb.juniper.net/JSA11001 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2020-1614 – NFX250 Series: Hardcoded credentials in the vSRX VNF instance.
https://notcve.org/view.php?id=CVE-2020-1614
08 Apr 2020 — A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or through the network. This issue only affects the NFX250 Series vSRX VNF. No other products or platforms are affected. This issue is only applicable to environments where the vSRX VNF root password has not been confi... • https://kb.juniper.net/JSA10997 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.6EPSS: 0%CPEs: 344EXPL: 0CVE-2020-1613 – Junos OS: BGP session termination upon receipt of specific BGP FlowSpec advertisement.
https://notcve.org/view.php?id=CVE-2020-1613
08 Apr 2020 — A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device tha... • https://kb.juniper.net/JSA10996 • CWE-710: Improper Adherence to Coding Standards •
CVSS: 10.0EPSS: 64%CPEs: 361EXPL: 0CVE-2020-10188 – telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code
https://notcve.org/view.php?id=CVE-2020-10188
06 Mar 2020 — utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. El archivo utility.c en telnetd en netkit telnet versiones hasta 0.17, permite a atacantes remotos ejecutar código arbitrario por medio de escrituras cortas o datos urgentes, debido a un desbordamiento del búfer que involucra a las funciones netclear y nextitem. A vulnerability was found where incorre... • https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •