Page 21 of 257 results (0.050 seconds)

CVSS: 8.8EPSS: 0%CPEs: 211EXPL: 0

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta") en J-Web de Juniper Networks Junos OS permite a cualquier atacante autenticado poco privilegiado elevarlos a root. Este problema afecta a: Juniper Networks Junos OS 12.3 versiones anteriores a 12.3R12-S19; 15.1 versiones anteriores a 15.1R7-S10; versiones 18.3 anteriores a 18.3R3-S5; versiones 18.4 anteriores a 18.4R3-S9; versiones 19.1 anteriores a 19.1R3-S6; versiones 19.2 anteriores a 19.2R1-S7, 19.2R3-S3; 19. 3 versiones anteriores a 19.3R3-S3; versiones 19.4 anteriores a 19.4R3-S5; versiones 20.1 anteriores a 20.1R2-S2, 20.1R3-S1; versiones 20.2 anteriores a 20.2R3-S2; versiones 20.3 anteriores a 20.3R3; versiones 20.4 anteriores a 20.4R2-S1, 20.4R3; versiones 21.1 anteriores a 21.1R1-S1, 21.1R2 • https://kb.juniper.net/JSA11253 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 212EXPL: 0

An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to be accepted or propagated. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2. Una vulnerabilidad de comprobación de entrada inapropiada en el demonio de proceso de enrutamiento (RPD) de los dispositivos Juniper Networks Junos OS configurados con la comprobación de origen de BGP usando la Infraestructura de Clave Pública de Recursos (RPKI), permite a un atacante enviar una actualización BGP específica que puede causar que las comprobaciones de políticas de RPKI sean omitidas. Esto, a su vez, puede permitir que se acepte o propague un anuncio falsificado. • https://kb.juniper.net/JSA11240 • CWE-20: Improper Input Validation CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 9.0EPSS: 0%CPEs: 132EXPL: 0

An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2; Una vulnerabilidad de comprobación de entrada inapropiada en J-Web de Juniper Networks Junos OS permite a un atacante de J-Web autenticado localmente escalar sus privilegios a root sobre el dispositivo de destino. Este problema afecta a: Juniper Networks Junos OS Todas las versiones anteriores a 18.3R3-S5; versiones 18.4 anteriores a 18.4R3-S9; versiones 19.1 anteriores a 19.1R3-S6; versiones 19.2 anteriores a 19.2R3-S3; versiones 19.3 anteriores a 19.3R3-S3; versiones 19.4 anteriores a 19. 4R3-S5; versiones 20.1 anteriores a 20.1R3-S1; versiones 20.2 anteriores a 20.2R3-S2; versiones 20.3 anteriores a 20.3R3-S1; versiones 20.4 anteriores a 20.4R3; versiones 21.1 anteriores a 21.1R2, 21.1R3; 21.2 versiones anteriores a 21.2R1-S1, 21.2R2 • https://kb.juniper.net/JSA11237 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 150EXPL: 0

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS on QFX5110, QFX5120, QFX5200, QFX5210 Series, and QFX5100 with QFX 5e Series image installed: All versions prior to 17.3R3-S12; 18.1 versions prior to 18.1R3-S13; 18.3 versions prior to 18.3R3-S5; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; El sistema operativo Junos de Juniper Networks utiliza la subred 128.0.0.0/2 para las comunicaciones internas entre el RE y los PFE. Se ha descubierto que los paquetes que utilizan estas direcciones IP pueden salir de un conmutador de la serie QFX5000, filtrando información de configuración como los latidos del corazón, las versiones del kernel, etc. a Internet, lo que lleva a una vulnerabilidad de exposición de información. Este problema afecta al sistema operativo Junos de Juniper Networks en las series QFX5110, QFX5120, QFX5200, QFX5210 y QFX5100 con la imagen de la serie QFX 5e instalada: Todas las versiones anteriores a 17.3R3-S12; 18.1 versiones anteriores a 18.1R3-S13; 18.3 versiones anteriores a 18.3R3-S5; 19.1 versiones anteriores a 19.1R3-S6; 19.2 versiones anteriores a 19.2R1-S7, 19.2R3-S3; 19.3 versiones anteriores a 19.3R2-S6, 19.3R3-S3; 19. 4 versiones anteriores a 19.4R1-S4, 19.4R3-S5; 20.1 versiones anteriores a 20.1R2-S2, 20.1R3-S1; 20.2 versiones anteriores a 20.2R3-S2; 20.3 versiones anteriores a 20.3R3-S1; 20.4 versiones anteriores a 20.4R2-S1, 20.4R3; 21.1 versiones anteriores a 21.1R1-S1, 21.1R2; • https://kb.juniper.net/JSA11236 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 176EXPL: 0

On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a partial Denial of Service (DoS) with a high rate of specific traffic. If a Class of Service (CoS) rule is attached to the service-set and a high rate of specific traffic is processed by this service-set, for some of the other traffic which has services applied and is being processed by this MS-MPC/MS-MIC drops will be observed. Continued receipted of this high rate of specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series with MS-MPC/MS-MIC: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. En las plataformas de la serie MX con MS-MPC/MS-MIC, una vulnerabilidad de asignación de recursos sin límites o estrangulamiento en Juniper Networks Junos OS permite a un atacante de red no autenticado causar una Denegación de Servicio (DoS) parcial con una alta tasa de tráfico específico. • https://kb.juniper.net/JSA11231 • CWE-770: Allocation of Resources Without Limits or Throttling •