
CVE-2024-39565 – Junos OS: J-Web: An unauthenticated, network-based attacker can perform an XPath injection attack against a device.
https://notcve.org/view.php?id=CVE-2024-39565
10 Jul 2024 — An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker wil... • https://support.juniper.net/support/downloads/?p=283 • CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection') •

CVE-2024-30407 – [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks
https://notcve.org/view.php?id=CVE-2024-30407
12 Apr 2024 — The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized Routing Protocol Daemon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which result in complete compromise of the container. Due to hard-coded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juni... • https://supportportal.juniper.net/JSA79106 • CWE-321: Use of Hard-coded Cryptographic Key •