CVSS: 6.5EPSS: 0%CPEs: 359EXPL: 0CVE-2021-0289 – Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted
https://notcve.org/view.php?id=CVE-2021-0289
15 Jul 2021 — When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show inte... • https://kb.juniper.net/JSA11191 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.8EPSS: 0%CPEs: 44EXPL: 0CVE-2021-0220 – Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI
https://notcve.org/view.php?id=CVE-2021-0220
15 Jan 2021 — The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Net... • https://kb.juniper.net/JSA11110 • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 3%CPEs: 9EXPL: 1CVE-2020-1611 – Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device.
https://notcve.org/view.php?id=CVE-2020-1611
15 Jan 2020 — A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1. Una vulnerabilidad de Inclusión de Archivo Local en Juniper Networks Junos Space, permite a un atacante visualizar todos los archivos en el destino cuando el dispositivo recibe paquetes HTTP maliciosos. Este problema afecta a: Juniper Networks Junos Space versiones an... • https://github.com/Ibonok/CVE-2020-1611 •