Juniper: >> Junos >> 11.4r13 Security Vulnerabilities
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-10-09
When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3; 18.4 versions prior to 18.4R1-S1, 18.4R1-S2.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-04-10
By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router. Transit traffic does not trigger the vulnerability. This issue only affects devices with IPv6 enabled and configured. Devices not configured to process IPv6 traffic are unaffected by this vulnerability. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.3 prior to 12.3R3-S4; 12.3X48 prior to 12.3X48-D30; 13.3 prior to 13.3R10, 13.3R4-S11; 14.1 prior to 14.1R2-S8, 14.1R4-S12, 14.1R8; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R6; 15.1 prior to 15.1F2-S5, 15.1F5-S2, 15.1F6, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70.
CVSS Score
7.5
EPSS Score
0.014
Published
2017-10-13
Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X46 prior to 12.1X46-D60; 12.1X47 prior to 12.1X47-D45; 12.3 prior to 12.3R12; 12.3X48 prior to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 prior to 13.3R4-S11, 13.3R9; 14.1 prior to 14.1R4-S12, 14.1R7; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70.
CVSS Score
8.4
EPSS Score
0.001
Published
2017-10-13
Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D40; 12.1X47 prior to 12.1X47-D30; 12.3 prior to 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2X51 prior to 13.2X51-D39, 13.2X51-D40; 13.3 prior to 13.3R9; 14.1 prior to 14.1R6; 14.2 prior to 14.2R6; 15.1 prior to 15.1R3; 15.1X49 prior to 15.1X49-D20; 15.1X53 prior to 15.1X53-D57.
CVSS Score
8.0
EPSS Score
0.003
Published
2017-10-13
Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.
CVSS Score
5.0
EPSS Score
0.008
Published
2004-12-06
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
CVSS Score
5.0
EPSS Score
0.093
Published
2004-08-18
Page 22