| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services. |
| Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50. |
| An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller. |
| On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended denial of service condition for the device(s). If the device is configured in high-availability, the RG1+ (data-plane) will fail-over to the secondary node. If the device is configured in stand-alone, there will be temporary traffic interruption until the flowd process is restored automatically. Sustained crafted packets may cause the secondary failover node to fail back, or fail completely, potentially halting flowd on both nodes of the cluster or causing flip-flop failovers to occur. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67 on vSRX or SRX Series; 12.3X48 prior to 12.3X48-D50 on vSRX or SRX Series; 15.1X49 prior to 15.1X49-D91, 15.1X49-D100 on vSRX or SRX Series. |
| A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. |
| A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition. |
| A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service. |
| A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services. |
| A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks. |
| An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). Repeated crashes of the Service PC can result in an extended denial of service condition. The issue can be seen only if NAT or stateful-firewall rules are configured with ALGs enabled. This issue was caused by the code change for PR 1182910 in Junos OS 14.1X55-D30, 14.1X55-D35, 14.2R7, 15.1R5, and 16.1R2. No other versions of Junos OS and no other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS on MX platforms running: 14.1X55 from 14.1X55-D30 to releases prior to 14.1X55-D35; 14.2R from 14.2R7 to releases prior to 14.2R7-S4, 14.2R8; 15.1R from 15.1R5 to releases prior to 15.1R5-S2, 15.1R6; 16.1R from 16.1R2 to releases prior to 16.1R3-S2, 16.1R4. |
| A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. |
| A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges. |
| A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker. |
| A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. |
| On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability. |
| When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operation occurs, then there will be errors associated with synch or failover while the root account is locked out. Administrators can confirm if the root account is locked out via the following command root@device> show system login lockout user root User Lockout start Lockout end root 1995-01-01 01:00:01 PDT 1995-11-01 01:31:01 PDT Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D65 on SRX series; 12.3X48 prior to 12.3X48-D45 on SRX series; 15.1X49 prior to 15.1X49-D75 on SRX series. |
| On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition. |
| A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk. |
| On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk. |
| A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200. |
