CVSS: 8.8EPSS: 0%CPEs: 74EXPL: 0CVE-2016-1261 – Junos: vulnerabilities in J-Web (CVE-2016-1261)
https://notcve.org/view.php?id=CVE-2016-1261
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). J-Web no valida ciertas entradas que pueden pueden provocar problemas de Cross-Site Request Forgery (CSRF) o una denegación del servicio J-Web (DoS). • https://kb.juniper.net/JSA10723 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 71EXPL: 0CVE-2016-4921 – Junos: IPv6 denial of service vulnerability due to resource exhaustion (CVE-2016-4921)
https://notcve.org/view.php?id=CVE-2016-4921
By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router. Transit traffic does not trigger the vulnerability. This issue only affects devices with IPv6 enabled and configured. • http://www.securityfocus.com/bid/93532 http://www.securitytracker.com/id/1037014 https://kb.juniper.net/JSA10762 • CWE-399: Resource Management Errors •
CVSS: 8.4EPSS: 0%CPEs: 149EXPL: 0CVE-2016-4922 – Junos: Privilege escalation vulnerabilities in Junos CLI
https://notcve.org/view.php?id=CVE-2016-4922
Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X46 prior to 12.1X46-D60; 12.1X47 prior to 12.1X47-D45; 12.3 prior to 12.3R12; 12.3X48 prior to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 prior to 13.3R4-S11, 13.3R9; 14.1 prior to 14.1R4-S12, 14.1R7; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70. Se encontraron algunas combinaciones de argumentos y comandos CLI de Junos OS explotables de una manera que permite el acceso no autorizado al sistema operativo. Esto puede permitir que cualquier usuario con permisos para ejecutar estos comandos CLI tenga la capacidad para conseguir privilegios elevados y obtener el control total del dispositivo. • http://www.securityfocus.com/bid/93534 http://www.securitytracker.com/id/1037013 https://kb.juniper.net/JSA10763 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 35EXPL: 0CVE-2017-2349 – SRX Series: Command injection vulnerability in SRX IDP feature.
https://notcve.org/view.php?id=CVE-2017-2349
A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30. Una vulnerabilidad de inyección de comandos en la función IDP de Juniper Networks Junos OS en dispositivos de la serie SRX potencialmente permite a un usuario con acceso de inicio de sesión al dispositivo ejecutar comandos shell y elevar privilegios. Las versiones afectadas son Juniper Networks Junos OS versión 12.1X44 anterior a 12.1X44-D60; versión 12.1X46 anterior a 12.1X46-D50; versión 12.1X47 anterior a 12.1X47-D30, 12.1X47-D35; versión 12.3X48 anterior a 12.3X48-D20, 12.3X48-D30; versión 15.1X49 anterior a 15.1X49-D20, 15.1X49-D30. • http://www.securitytracker.com/id/1038898 https://kb.juniper.net/JSA10801 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2300
https://notcve.org/view.php?id=CVE-2017-2300
On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets. En los clústeres de tipo chassis de dispositivos Juniper Networks SRX Series Services Gateways que ejecutan el sistema operativo versiones: Junos 12.1X46 anterior a 12.1X46-D65, 12.3X48 anterior a 12.3X48-D40 y12.3X48 anterior a 12.3X48-D60, el demonio flowd en el nodo principal del clúster, puede bloquearse y reiniciarse al intentar sincronizar una sesión multicast creada mediante paquetes multicast especialmente diseñados. • http://www.securityfocus.com/bid/95400 http://www.securitytracker.com/id/1037597 https://kb.juniper.net/JSA10768 •