CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2023-28985 – SRX Series and MX Series: An FPC core is observed when IDP is enabled on the device and a specific malformed SSL packet is received
https://notcve.org/view.php?id=CVE-2023-28985
14 Jul 2023 — An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition. On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core. This issue a... • https://supportportal.juniper.net/JSA71662 • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 5.5EPSS: 0%CPEs: 131EXPL: 0CVE-2023-36838 – Junos OS: SRX Series: A flowd core occurs when running a low privileged CLI command
https://notcve.org/view.php?id=CVE-2023-36838
14 Jul 2023 — An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS). If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a... • https://supportportal.juniper.net/JSA71645 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0CVE-2023-36831 – Junos OS: SRX Series: jbuf memory leak when SSL Proxy and UTM Web-Filtering is applied
https://notcve.org/view.php?id=CVE-2023-36831
14 Jul 2023 — An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system. The jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by... • https://supportportal.juniper.net/JSA71636 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22251 – cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges
https://notcve.org/view.php?id=CVE-2022-22251
18 Oct 2022 — On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series. En los dispositivos cSRX Series, los problemas de permisos de software en el sistema... • https://kb.juniper.net/JSA69908 • CWE-257: Storing Passwords in a Recoverable Format CWE-275: Permission Issues CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 359EXPL: 0CVE-2021-0289 – Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted
https://notcve.org/view.php?id=CVE-2021-0289
15 Jul 2021 — When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show inte... • https://kb.juniper.net/JSA11191 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-0266 – cSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services.
https://notcve.org/view.php?id=CVE-2021-0266
22 Apr 2021 — The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2. El uso de múltiples claves criptográficas embebidas en el software de la serie cSRX en Juniper Networks Junos OS, permite a un atacante tomar el co... • https://kb.juniper.net/JSA11157 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 230EXPL: 0CVE-2019-0075 – Junos OS: SRX Series: Denial of Service vulnerability in srxpfe related to PIM
https://notcve.org/view.php?id=CVE-2019-0075
09 Oct 2019 — A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service condition. Affected releases are Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160; 17.3 versions prior to 17.3R3-S7 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versio... • https://kb.juniper.net/JSA10976 •
CVSS: 7.5EPSS: 0%CPEs: 301EXPL: 0CVE-2019-0068 – Junos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets
https://notcve.org/view.php?id=CVE-2019-0068
09 Oct 2019 — The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 version... • https://kb.juniper.net/JSA10968 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 132EXPL: 0CVE-2019-0066 – Junos OS: A malformed IPv4 packet received by Junos in an NG-mVPN scenario may cause the routing protocol daemon (rpd) process to core
https://notcve.org/view.php?id=CVE-2019-0066
09 Oct 2019 — An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-e... • https://kb.juniper.net/JSA10965 • CWE-394: Unexpected Status Code or Return Value •
CVSS: 8.8EPSS: 0%CPEs: 263EXPL: 0CVE-2019-0062 – Junos OS: Session fixation vulnerability in J-Web
https://notcve.org/view.php?id=CVE-2019-0062
09 Oct 2019 — A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 1... • https://kb.juniper.net/JSA10961 • CWE-384: Session Fixation •