CVSS: 7.5EPSS: 0%CPEs: 278EXPL: 0CVE-2020-1607 – Junos OS: Cross-Site Scripting (XSS) in J-Web
https://notcve.org/view.php?id=CVE-2020-1607
15 Jan 2020 — Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series; 14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to... • https://kb.juniper.net/JSA10986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 210EXPL: 0CVE-2020-1606 – Junos OS: Path traversal vulnerability in J-Web
https://notcve.org/view.php?id=CVE-2020-1606
15 Jan 2020 — A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions... • https://kb.juniper.net/JSA10985 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 144EXPL: 0CVE-2020-1601 – Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash.
https://notcve.org/view.php?id=CVE-2020-1601
15 Jan 2020 — Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) con... • https://kb.juniper.net/JSA10980 •
CVSS: 7.5EPSS: 0%CPEs: 230EXPL: 0CVE-2019-0075 – Junos OS: SRX Series: Denial of Service vulnerability in srxpfe related to PIM
https://notcve.org/view.php?id=CVE-2019-0075
09 Oct 2019 — A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service condition. Affected releases are Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160; 17.3 versions prior to 17.3R3-S7 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versio... • https://kb.juniper.net/JSA10976 •
CVSS: 7.5EPSS: 0%CPEs: 301EXPL: 0CVE-2019-0068 – Junos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets
https://notcve.org/view.php?id=CVE-2019-0068
09 Oct 2019 — The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 version... • https://kb.juniper.net/JSA10968 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 132EXPL: 0CVE-2019-0066 – Junos OS: A malformed IPv4 packet received by Junos in an NG-mVPN scenario may cause the routing protocol daemon (rpd) process to core
https://notcve.org/view.php?id=CVE-2019-0066
09 Oct 2019 — An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-e... • https://kb.juniper.net/JSA10965 • CWE-394: Unexpected Status Code or Return Value •
CVSS: 8.8EPSS: 0%CPEs: 263EXPL: 0CVE-2019-0062 – Junos OS: Session fixation vulnerability in J-Web
https://notcve.org/view.php?id=CVE-2019-0062
09 Oct 2019 — A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 1... • https://kb.juniper.net/JSA10961 • CWE-384: Session Fixation •
CVSS: 7.5EPSS: 0%CPEs: 100EXPL: 0CVE-2019-0060 – Junos OS: SRX Series: flowd process crash due to processing of specific transit IP packets
https://notcve.org/view.php?id=CVE-2019-0060
09 Oct 2019 — The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 ... • https://kb.juniper.net/JSA10959 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0CVE-2019-0058 – Junos OS: SRX Series: A weakness in the Veriexec subsystem may allow privilege escalation.
https://notcve.org/view.php?id=CVE-2019-0058
09 Oct 2019 — A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allowing an attacker to fully compromise the host system. A local authenticated user can elevate privileges to gain full control of the system even if they are specifically denied access to perform certain actions. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D80 on SRX Series. Una vulnerabilidad en el subsistema Veriexec de Juniper Networks Junos OS, permite a un atacante comprometer completamente el ... • https://kb.juniper.net/JSA10956 •
CVSS: 7.5EPSS: 0%CPEs: 135EXPL: 0CVE-2019-0055 – Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled.
https://notcve.org/view.php?id=CVE-2019-0055
09 Oct 2019 — A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.... • https://kb.juniper.net/JSA10953 • CWE-130: Improper Handling of Length Parameter Inconsistency •