CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-0070 – Junos OS: NFX Series: An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions.
https://notcve.org/view.php?id=CVE-2019-0070
An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series. Una debilidad de Validación de Entrada Inapropiada permite a un atacante local malicioso elevar sus permisos para tomar el control de otras partes de la plataforma NFX a las que no debería poder acceder y ejecutar comandos fuera de su alcance de control autorizado. Esto conlleva al atacante a tomar el control de todo el sistema. • https://kb.juniper.net/JSA10977 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 223EXPL: 0CVE-2019-0069 – Junos OS: vSRX, SRX1500, SRX4K, ACX5K, EX4600, QFX5100, QFX5110, QFX5200, QFX10K and NFX Series: console management port device authentication credentials are logged in clear text
https://notcve.org/view.php?id=CVE-2019-0069
On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. This issue does not affect users that are logging-in using telnet, SSH or J-web to the management IP. This issue affects ACX, NFX, SRX, EX and QFX platforms with the Linux Host OS architecture, it does not affect other SRX and EX platforms that do not use the Linux Host OS architecture. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D110 on vSRX, SRX1500, SRX4000 Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5110, QFX5200 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 17.1 versions prior to 17.1R2-S8, 17.1R3, on QFX5110, QFX5200, QFX10K Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3 on QFX5110, QFX5200, QFX10K Series; 17.3 versions prior to 17.3R2 on vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series; 14.1X53 versions prior to 14.1X53-D47 on ACX5000, EX4600, QFX5100 Series; 15.1 versions prior to 15.1R7 on ACX5000, EX4600, QFX5100 Series; 16.1R7 versions prior to 16.1R7 on ACX5000, EX4600, QFX5100 Series; 17.1 versions prior to 17.1R2-S10, 17.1R3 on ACX5000, EX4600, QFX5100 Series; 17.2 versions prior to 17.2R3 on ACX5000, EX4600, QFX5100 Series; 17.3 versions prior to 17.3R3 on ACX5000, EX4600, QFX5100 Series; 17.4 versions prior to 17.4R2 on ACX5000, EX4600, QFX5100 Series; 18.1 versions prior to 18.1R2 on ACX5000, EX4600, QFX5100 Series; 15.1X53 versions prior to 15.1X53-D496 on NFX Series, 17.2 versions prior to 17.2R3-S1 on NFX Series; 17.3 versions prior to 17.3R3-S4 on NFX Series; 17.4 versions prior to 17.4R2-S4, 17.4R3 on NFX Series, 18.1 versions prior to 18.1R3-S4 on NFX Series; 18.2 versions prior to 18.2R2-S3, 18.2R3 on NFX Series; 18.3 versions prior to 18.3R1-S3, 18.3R2 on NFX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on NFX Series. En EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, cuando el usuario utiliza el puerto de administración de la consola para autenticar, las credenciales usadas durante la autenticación del dispositivo son escritas en un archivo de registro en texto sin cifrar. • https://kb.juniper.net/JSA10969 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0057 – NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system.
https://notcve.org/view.php?id=CVE-2019-0057
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5. Una debilidad de autorización inapropiada en Juniper Networks Junos OS, permite a un atacante autenticado local omitir los controles de seguridad regulares para acceder a la aplicación Junos Device Manager (JDM) y tomar el control del sistema. Este problema afecta a: Juniper Networks Junos OS versiones anteriores a 18.2R1, 18.2X75-D5. • https://kb.juniper.net/JSA10955 •
CVSS: 7.5EPSS: 0%CPEs: 344EXPL: 0CVE-2019-0043 – Junos OS: RPD process crashes upon receipt of a specific SNMP packet
https://notcve.org/view.php?id=CVE-2019-0043
In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS : 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D48 on EX/QFX series; 15.1 versions prior to 15.1R4-S9, 15.1R7-S2; 15.1F6 versions prior to 15.1F6-S11; 15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series; 15.1X54 on ACX Series; 16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S8, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3; 18.2X75 versions prior to 18.2X75-D10. En entornos MPLS, la recepción de un paquete SNMP específico puede provocar que el proceso rpd (Routing Protocol Daemon) se cierre inesperadamente y se reinicie. • https://kb.juniper.net/JSA10935 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.3EPSS: 0%CPEs: 128EXPL: 0CVE-2018-0061 – Junos OS: Denial of service in telnetd
https://notcve.org/view.php?id=CVE-2018-0061
A denial of service vulnerability in the telnetd service on Junos OS allows remote unauthenticated users to cause high CPU usage which may affect system performance. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81 on SRX Series; 12.3 versions prior to 12.3R12-S11; 12.3X48 versions prior to 12.3X48-D80 on SRX Series; 15.1 versions prior to 15.1R7; 15.1X49 versions prior to 15.1X49-D150, 15.1X49-D160 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6, 16.1R7; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.2X75 versions prior to 18.2X75-D5. Una vulnerabilidad de denegación de servicio (DoS) en el servicio telnetd de Junos OS permite que usuarios remotos no autenticados provoquen un alto uso de la CPU, lo que podría afectar al rendimiento del sistema. Las versiones afectadas de Juniper Networks Junos OS son: 12.1X46 en versiones anteriores a la 12.1X46-D81 en SRX Series; 12.3 en versiones anteriores a la 12.3R12-S11; 12.3X48 en versiones anteriores a la 12.3X48-D80 en SRX Series; 15.1 en versiones anteriores a la 15.1R7; 15.1X49 en versiones anteriores a la 15.1X49-D150, 15.1X49-D160 en SRX Series; 15.1X53 en versiones anteriores a la 15.1X53-D59 en EX2300/EX3400 Series; 15.1X53 en versiones anteriores a la 15.1X53-D68 en QFX10K Series; 15.1X53 en versiones anteriores a la 15.1X53-D235 en QFX5200/QFX5110 Series; 15.1X53 en versiones anteriores a la 15.1X53-D495 en NFX Series; 16.1 en versiones anteriores a la 16.1R4-S12, 16.1R6-S6, 16.1R7; 16.2 en versiones anteriores a la 16.2R2-S7, 16.2R3; 17.1 en versiones anteriores a la 17.1R2-S9, 17.1R3; 17.2 en versiones anteriores a la 17.2R2-S6, 17.2R3; 17.2X75 en versiones anteriores a la 17.2X75-D100; 17.3 en versiones anteriores a la 17.3R2-S4, 17.3R3; 17.4 en versiones anteriores a la 17.4R1-S5, 17.4R2 y 18.2X75 en versiones anteriores a la 18.2X75-D5. • http://www.securitytracker.com/id/1041859 https://kb.juniper.net/JSA10896 • CWE-400: Uncontrolled Resource Consumption •