CVSS: 7.1EPSS: 0%CPEs: 76EXPL: 0CVE-2019-0073 – Junos OS: PKI key pairs are exported with insecure file permissions
https://notcve.org/view.php?id=CVE-2019-0073
09 Oct 2019 — The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. Las clave... • https://kb.juniper.net/JSA10974 • CWE-281: Improper Preservation of Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0071 – Junos OS: EX2300, EX3400 Series: Veriexec signature checking not enforced in specific versions of Junos OS
https://notcve.org/view.php?id=CVE-2019-0071
09 Oct 2019 — Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence disabling file integrity checking. This may allow a locally authenticated user with shell access to install untrusted executable images, and elevate privileges to gain full control of the system. During the installation of an affected ver... • https://kb.juniper.net/JSA10978 • CWE-347: Improper Verification of Cryptographic Signature CWE-354: Improper Validation of Integrity Check Value •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-0070 – Junos OS: NFX Series: An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions.
https://notcve.org/view.php?id=CVE-2019-0070
09 Oct 2019 — An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series. Una debilidad de Validación de Entrada Inapropiada permite a un atacante local malicioso elevar ... • https://kb.juniper.net/JSA10977 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 223EXPL: 0CVE-2019-0069 – Junos OS: vSRX, SRX1500, SRX4K, ACX5K, EX4600, QFX5100, QFX5110, QFX5200, QFX10K and NFX Series: console management port device authentication credentials are logged in clear text
https://notcve.org/view.php?id=CVE-2019-0069
09 Oct 2019 — On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. This issue does not affect users that are logging-in using telnet, SSH or J-web to the management IP. This issue affects ACX, NFX, SRX, EX and QFX platforms with... • https://kb.juniper.net/JSA10969 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 301EXPL: 0CVE-2019-0068 – Junos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets
https://notcve.org/view.php?id=CVE-2019-0068
09 Oct 2019 — The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 version... • https://kb.juniper.net/JSA10968 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 29EXPL: 0CVE-2019-0067 – Junos OS: Kernel crash (vmcore) upon receipt of a specific link-local IPv6 packet on devices configured with Multi-Chassis Link Aggregation Group (MC-LAG)
https://notcve.org/view.php?id=CVE-2019-0067
09 Oct 2019 — Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3. This issue does not affect Juniper Networks Junos OS version 15.1 and prior versions. La recepci... • https://kb.juniper.net/JSA10966 •
CVSS: 7.5EPSS: 0%CPEs: 132EXPL: 0CVE-2019-0066 – Junos OS: A malformed IPv4 packet received by Junos in an NG-mVPN scenario may cause the routing protocol daemon (rpd) process to core
https://notcve.org/view.php?id=CVE-2019-0066
09 Oct 2019 — An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-e... • https://kb.juniper.net/JSA10965 • CWE-394: Unexpected Status Code or Return Value •
CVSS: 7.5EPSS: 0%CPEs: 259EXPL: 0CVE-2019-0065 – Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC
https://notcve.org/view.php?id=CVE-2019-0065
09 Oct 2019 — On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending a crafted SIP packet, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on MX Series: 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S6 ; ... • https://kb.juniper.net/JSA10964 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0064 – Junos OS: SRX5000 Series: flowd process crash due to receipt of specific TCP packet
https://notcve.org/view.php?id=CVE-2019-0064
09 Oct 2019 — On SRX5000 Series devices, if 'set security zones security-zone
CVSS: 7.5EPSS: 0%CPEs: 340EXPL: 0CVE-2019-0063 – Junos OS: MX Series: jdhcpd crash when receiving a specific crafted DHCP response message
https://notcve.org/view.php?id=CVE-2019-0063
09 Oct 2019 — When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface. The daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue only affects systems configured with DHCPv6 enabled. DHCPv4 is unaffec... • https://kb.juniper.net/JSA10962 •