Vulnerabilities in Juniper Networks

893 results
Vexday analysis

With 893 CVEs catalogued and 7 confirmed as actively exploited in the CISA KEV, the exploitation rate for Juniper Networks devices is 1.7× above the overall catalogue average, which indicates elevated operational risk for organizations that depend on these solutions. The most critical CVE under active exploitation at present is CVE-2023-36846, with an EPSS score of 0.9421, a value that signals a very high probability of exploitation in the short term and should be the focus of immediate remediation efforts. The most recurrent weakness type, CWE-754 (improper check for exceptional conditions), points to a structural fragility in error handling that tends to manifest across multiple components. With 38 critical-severity CVEs, 4 with a public proof of concept available, and 27 vulnerabilities that emerged in the last 90 days, the pace of recent exposure demands continuous monitoring and active patch prioritization.

CVE-2025-30647 | HIGH | Junos OS: MX Series: Subscriber login/logout activity will lead to a memory leak | EPSS 0.2%
CVE-2025-30653 | MEDIUM | Junos OS and Junos OS Evolved: LSP flap in a specific MPLS scenario leads to rpd crash | EPSS 0.2%
CVE-2024-39539 | MEDIUM | Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash | EPSS 0.2%
CVE-2024-39512 | HIGH | Junos OS Evolved: User is not logged out when the console cable is disconnected | EPSS 0.2%
CVE-2025-59989 | MEDIUM | Junos Space: Device Discovery page is vulnerable to reflected cross-site script injection | EPSS 0.2%
CVE-2025-59999 | MEDIUM | Junos Space: API Access Profiles page is vulnerable to reflected cross-site script injection | EPSS 0.2%
CVE-2020-1630 | MEDIUM | Junos OS: Privilege escalation vulnerability in dual REs, VC or HA cluster may allow unauthorized configuration change. | EPSS 0.2%
CVE-2025-52958 | MEDIUM | Junos OS and Junos OS Evolved: When route validation is enabled, BGP connection establishment failure causes RPD crash | EPSS 0.2%
CVE-2023-28984 | MEDIUM | Junos OS: QFX Series: The PFE may crash when a lot of MAC addresses are being learned and aged | EPSS 0.2%
CVE-2026-21904 | MEDIUM | Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection | EPSS 0.2%
CVE-2024-30387 | HIGH | Junos OS: ACX5448 & ACX710: Due to interface flaps the PFE process can crash | EPSS 0.2%
CVE-2021-0256 | MEDIUM | Junos OS: mosquitto Local Privilege Escalation vulnerability in SUID binaries | EPSS 0.2%
CVE-2025-6549 | MEDIUM | Junos OS: SRX Series: J-Web can be exposed on additional interfaces | EPSS 0.2%
CVE-2022-22221 | HIGH | Junos OS: SRX and EX Series: Local privilege escalation flaw in "download" functionality | EPSS 0.2%
CVE-2024-47495 | HIGH | Junos OS Evolved: In a dual-RE scenario a locally authenticated attacker with shell privileges can take over the device. | EPSS 0.2%
CVE-2025-30648 | HIGH | Junos OS and Junos OS Evolved: Receipt of a specifically malformed DHCP packet causes jdhcpd process to crash | EPSS 0.2%
CVE-2024-47501 | MEDIUM | Junos OS: MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C: In a VPLS or Junos Fusion scenario specific show commands cause FPCs to crash | EPSS 0.2%
CVE-2021-0255 | MEDIUM | Junos OS: ethtraceroute Local Privilege Escalation vulnerability in SUID binaries | EPSS 0.2%
CVE-2025-59990 | MEDIUM | Junos Space: Template creation pages are vulnerable to reflected cross-site script injection | EPSS 0.2%
CVE-2025-59986 | MEDIUM | Junos Space: Input fields in Model Devices are vulnerable to reflected cross-site script injection | EPSS 0.2%