| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space. |
| A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk. |
| On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration (the native IPv6 support for LDP is available in Junos OS 16.1 and higher). The interface on which the packet arrives needs to have LDP enabled. The affected Junos versions are: 13.3 prior to 13.3R10; 14.1 prior to 14.1R8; 14.2 prior to 14.2R7-S6 or 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5; 15.1X49 before 15.1X49-D70; 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 before 16.1R2. 16.2R1 and all subsequent releases have a resolution for this vulnerability. |
| Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50. |
| A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. |
| A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. |
| A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks. |
| An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller. |
| An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services. |
| A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services. |
| A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server. |
| A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. |
| A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. |
| MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series. |
| The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output: root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive A result of "Status: Connected" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device: root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all Next review the results to see if valid users and groups are returned. e.g. Domain: juniperlab.com Total entries: 3 Source IP Username groups state 172.16.26.1 administrator Valid 192.168.26.2 engg01 engineers Valid 192.168.26.3 guest01 guests Valid Domain: NULL Total entries: 8 Source IP Username groups state 192.168.26.4 Invalid 192.168.26.5 Invalid This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue. |
| A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. No other Juniper Networks products or platforms are affected by this issue. |
| On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way that can result in remote code execution. SNMP is disabled in Junos OS by default. Junos OS devices with SNMP disabled are not affected by this issue. No other Juniper Networks products or platforms are affected by this issue. NOTE: This is a different issue than Cisco CVE-2017-6736, CVE-2017-6737, and CVE-2017-6738. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100, 15.1X49-D110; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2, 16.2R3; 17.1 prior to 17.1R1-S3, 17.1R2, 17.1R3; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. Junos releases prior to 10.2 are not affected. |
| The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D12, 14.1X53-D38, 14.1X53-D40 on QFX, EX, QFabric System; 15.1 prior to 15.1F2-S18, 15.1R4 on all products and platforms; 15.1X49 prior to 15.1X49-D80 on SRX; 15.1X53 prior to 15.1X53-D51, 15.1X53-D60 on NFX, QFX, EX. |
| An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue. |
| J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). |
