Page 29 of 278 results (0.010 seconds)

CVSS: 6.5EPSS: 0%CPEs: 53EXPL: 0

Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. • https://kb.juniper.net/JSA10706 • CWE-326: Inadequate Encryption Strength •

CVSS: 7.1EPSS: 0%CPEs: 49EXPL: 0

Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. Se presentan múltiples vulnerabilidades en el manejo de errores de Juniper Junos J-Web que pueden conllevar a problemas de tipo cross site scripting (XSS) o bloquear el servicio J-Web (DoS). Esto afecta a Juniper Junos OS versiones 12.1X44 anteriores a 12.1X44-D45, versiones 12.1X46 anteriores a 12.1X46-D30, versiones 12.1X47 anteriores a 12.1X47-D20, versiones 12.3 anteriores a 12.3R8, versiones 12.3X48 anteriores a 12.3X48-D10, versiones 13.1 anteriores a 13.1R5, versiones 13.2 anteriores a 13.2 R6, versiones 13.3 anteriores a 13.3R4, versiones 14.1 anteriores a 14.1R3, versiones 14.1X53 anteriores a 14.1X53-D10, versiones 14.2 anteriores a 14.2R1 y versiones 15.1 anteriores a 15.1R1. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682 http://www.securitytracker.com/id/1032846 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 278EXPL: 0

Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series; 14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2. Una protección insuficiente contra ataques de tipo Cross-Site Scripting (XSS) en J-Web puede permitir potencialmente a un atacante remoto inyectar script web o HTML, secuestrar la sesión J-Web del usuario objetivo y llevar a cabo acciones administrativas en el dispositivo Junos como el usuario objetivo. Este problema afecta a las versiones de Juniper Networks Junos OS 12.3 anteriores a 12.3R12-S15; versiones 12.3X48 anteriores a 12.3X48-D86, 12.3X48-D90 en SRX Series; versiones 14.1X53 anteriores a 14.1X53-D51 en EX y QFX Series; versiones 15.1F6 anteriores a 15.1F6-S13; versiones 15.1 anteriores a 15.1R7-S5; versiones 15.1X49 anteriores a 15.1X49-D181, 15.1X49-D190 en SRX Series; versiones 15.1X53 anteriores a 15.1X53-D238 en QFX5200/QFX5110 Series; versiones 15.1X53 anteriores a 15.1X53-D592 en EX2300/EX3400 Series; versiones 16.1 anteriores a 16.1R4-S13, 16.1R7-S5; versiones 16.2 anteriores a 16.2R2-S10; versiones 17.1 anteriores a 17.1R2-S11, 17.1R3-S1; versiones 17.2 anteriores a 17.2R1-S9, 17.2R3-S2; versiones 17.3 anteriores a 17.3R2-S5, 17.3R3-S5; versiones 17.4 anteriores a 17.4R2-S6, 17.4R3; versiones 18.1 anteriores a 18.1R3-S7; versiones 18.2 anteriores a 18.2R2-S5, 18.2R3; versiones 18.3 anteriores a 18.3R1-S6, 18.3R2-S1, 18.3R3; versiones 18.4 anteriores a 18.4R1-S5, 18.4R2; versiones 19.1 anteriores a 19.1R1-S2, 19.1R2. • https://kb.juniper.net/JSA10986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 210EXPL: 0

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2. Una vulnerabilidad de salto de ruta en el dispositivo Juniper Networks Junos OS puede permitir a un usuario de J-web autenticado leer archivos con permiso de lectura "world" y eliminar archivos con permiso de escritura "world". Este problema no afecta a los archivos de sistema a los que solo puede acceder el usuario root. • https://kb.juniper.net/JSA10985 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 107EXPL: 0

On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). This issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts. This issue may occur when evaluating both IPv4 or IPv6 packets. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series; 14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series; 14.1X53 versions prior to 14.1X53-D48 on EX4300 Series; 15.1 versions prior to 15.1R7-S3 on EX4300 Series; 16.1 versions prior to 16.1R7 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3 on EX4300 Series; 17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series; 17.4 versions prior to 17.4R2 on EX4300 Series; 18.1 versions prior to 18.1R3 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series. • https://kb.juniper.net/JSA10983 • CWE-284: Improper Access Control •