Shodan
Vulnerabilities
Vulnerable Software
Juniper:  >> Junos  Security Vulnerabilities
CVE-2025-30645
A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS).  Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition. On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts. This issue affects Junos OS on SRX Series: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-04-09
CVE-2025-30646
A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).  Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. When an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S6,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S4,  * from 24.2 before 24.2R2;  Junos OS Evolved:  * All versions before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO,  * from 22.4-EVO before 22.4R3-S6-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S4-EVO,  * from 24.2-EVO before 24.2R2-EVO.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-04-09
CVE-2025-21597
An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled. This issue affects: Junos OS: * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R3. Junos OS Evolved: * All versions before 21.2R3-S6-EVO, * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before :22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R3-EVO.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-04-09
CVE-2025-21601
An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS:  * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S1, 24.2R2. An indicator of compromise is to review the CPU % of the httpd process in the CLI: e.g.   show system processes extensive | match httpd  PID nobody       52   0   20M    191M select   2   0:01   80.00% httpd{httpd} <<<<< the percentage of httpd usage if high may be an indicator
CVSS Score
7.5
EPSS Score
0.005
Published
2025-04-09
CVE-2025-21591
A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition. Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * from 23.1 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R2. This issue isn't applicable to any versions of Junos OS before 23.1R1. This issue doesn't affect vSRX Series which doesn't support DHCP Snooping. This issue doesn't affect Junos OS Evolved. There are no indicators of compromise for this issue.
CVSS Score
7.4
EPSS Score
0.001
Published
2025-04-09
CVE-2025-21594
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS). In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and prefix-length is set to 56, the ports assigned to the user will not be freed.  Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover. Following is the command to identify the issue:      user@host> show services nat source port-block      Host_IP                     External_IP                   Port_Block      Ports_Used/       Block_State/                                                               Range           Ports_Total       Left_Time(s)     2001::                        x.x.x.x                     58880-59391     256/256*1         Active/-       >>>>>>>>port still usedThis issue affects Junos OS on MX Series:  * from 21.2 before 21.2R3-S8,  * from 21.4 before 21.4R3-S7,  * from 22.1 before 22.1R3-S6,  * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S2,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2. This issue does not affect versions before 20.2R1.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-04-09
CVE-2025-21595
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart. This issue does not affect MX Series platforms. Heap size growth on FPC can be seen using below command. user@host> show chassis fpc                     Temp CPU Utilization (%) CPU Utilization (%) Memory   Utilization (%) Slot State           (C) Total Interrupt     1min   5min   15min   DRAM (MB)   Heap   Buffer   0 Online           45     3         0       2       2      2       32768      19       0 <<<<<<< Heap increase in all fPCs This issue affects Junos OS: * All versions before 21.2R3-S7, * 21.4 versions before 21.4R3-S4, * 22.2 versions before 22.2R3-S1,  * 22.3 versions before 22.3R3-S1,  * 22.4 versions before 22.4R2-S2, 22.4R3. and Junos OS Evolved: * All versions before 21.2R3-S7-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO,  * 22.3-EVO versions before 22.3R3-S1-EVO,  * 22.4-EVO versions before 22.4R3-EVO.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-04-09
CVE-2025-21590
Known exploited
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS:  * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6,  * 22.4 versions before 22.4R3-S6,  * 23.2 versions before 23.2R2-S3,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2.
CVSS Score
4.4
EPSS Score
0.027
Published
2025-03-12
CVE-2024-39564
This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects: Junos OS:  * from 22.4 before 22.4R3-S4. Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-02-05
CVE-2025-21598
An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: Junos OS:  * from 21.2R3-S8 before 21.2R3-S9,  * from 21.4R3-S7 before 21.4R3-S9,  * from 22.2R3-S4 before 22.2R3-S5,  * from 22.3R3-S2 before 22.3R3-S4,  * from 22.4R3 before 22.4R3-S5,  * from 23.2R2 before 23.2R2-S2,  * from 23.4R1 before 23.4R2-S1,  * from 24.2R1 before 24.2R1-S1, 24.2R2. Junos OS Evolved: * from 21.4R3-S7-EVO before 21.4R3-S9-EVO,  * from 22.2R3-S4-EVO before 22.2R3-S5-EVO,  * from 22.3R3-S2-EVO before 22.3R3-S4-EVO,  * from 22.4R3-EVO before 22.4R3-S5-EVO,  * from 23.2R2-EVO before 23.2R2-S2-EVO,  * from 23.4R1-EVO before 23.4R2-S1-EVO,  * from 24.2R1-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue requires a BGP session to be established. This issue can propagate and multiply through multiple ASes until reaching vulnerable devices. This issue affects iBGP and eBGP. This issue affects IPv4 and IPv6. An indicator of compromise may be the presence of malformed update messages in a neighboring AS which is unaffected by this issue: For example, by issuing the command on the neighboring device:  show log messages Reviewing for similar messages from devices within proximity to each other may indicate this malformed packet is propagating:   rpd[<pid>]: Received malformed update from <IP address> (External AS <AS#>) and   rpd[<pid>]: Malformed Attribute
CVSS Score
7.5
EPSS Score
0.003
Published
2025-01-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved