CVSS: 6.5EPSS: 0%CPEs: 359EXPL: 0CVE-2021-0289 – Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted
https://notcve.org/view.php?id=CVE-2021-0289
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show interfaces <> extensive" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. • https://kb.juniper.net/JSA11191 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2012-5460
https://notcve.org/view.php?id=CVE-2012-5460
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. Vulnerabilidad XSS en la página de ayuda en Juniper Secure Access (SA) con IVE OS anterior a 7.1r13, 7.2.x anterior a 7.2r7, y 7.3.x anterior a 7.3r2, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través del parámetro WWHSearchWordsText. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1180 – Juniper Networks Secure Access 2000 - 'rdremediate.cgi' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1180
Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS)de dana-na/auth/rdremediate.cgi en Juniper Networks Secure Access 2000 5.5 R1 build 11711, permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través del parámetro delivery_mode. • https://www.exploit-db.com/exploits/31311 http://secunia.com/advisories/29165 http://securityreason.com/securityalert/3720 http://www.procheckup.com/Vulnerability_PR07-41.php http://www.securityfocus.com/archive/1/488918/100/0/threaded http://www.securityfocus.com/bid/28034 http://www.vupen.com/english/advisories/2008/0762 https://exchange.xforce.ibmcloud.com/vulnerabilities/40916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2008-1181 – Juniper Networks Secure Access 2000 Web - Root Full Path Disclosure
https://notcve.org/view.php?id=CVE-2008-1181
Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message. Juniper Networks Secure Access 2000 5.5 R1 (build 11711) permite a atacantes remotos obtener información sensible a través de una petición directa para remediate.cgi sin ciertos parámetros, lo cual muestra la ruta en un mensaje de error "Execute failed". • https://www.exploit-db.com/exploits/31313 http://securityreason.com/securityalert/3719 http://www.securityfocus.com/archive/1/488919/100/0/threaded http://www.securityfocus.com/bid/28037 http://www.securitytracker.com/id?1019526 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •