Vulnerabilities in Juniper Networks

893 results
Vexday Analysis

With 893 CVEs catalogued and 7 confirmed as actively exploited in the CISA KEV, the exploitation rate for Juniper Networks devices is 1.7× above the overall catalogue average, which indicates elevated operational risk for organizations that depend on these solutions. The most critical CVE under active exploitation at present is CVE-2023-36846, with an EPSS score of 0.9421, a value that signals a very high probability of exploitation in the short term and should be the focus of immediate remediation efforts. The most recurrent weakness type, CWE-754 (improper check for exceptional conditions), points to a structural error-handling weakness that tends to show up across multiple components. With 38 critical-severity CVEs, 4 with a publicly available proof of concept, and 27 vulnerabilities that appeared in the last 90 days, the recent pace of exposure calls for continuous monitoring and active patch prioritization.

CVE-2024-39547 | HIGH | Junos OS and Junos OS Evolved: cRPD: Receipt of crafted TCP traffic can trigger high CPU utilization | EPSS 0.9%
CVE-2019-0016 | MEDIUM | Junos Space: Authenticated user able to delete devices without delete device privileges | EPSS 0.9%
CVE-2021-0278 | HIGH | Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. | EPSS 0.9%
CVE-2017-10623 | HIGH | Junos Space: Insufficient verification of cluster messages | EPSS 0.9%
CVE-2021-0263 | MEDIUM | Junos OS: PTX Series: Denial of Service in packet processing due to heavy route churn when J-Flow sampling is enabled | EPSS 0.9%
CVE-2018-0003 | MEDIUM | Junos OS: A crafted MPLS packet may lead to a kernel crash | EPSS 0.9%
CVE-2024-21620 | HIGH | Junos OS: SRX Series and EX Series: J-Web doesn't sufficiently sanitize input to prevent XSS | EPSS 0.9%
CVE-2022-22185 | HIGH | Junos OS: SRX Series: Denial of service vulnerability in flowd daemon upon receipt of a specific fragmented packet | EPSS 0.9%
CVE-2022-22190 | HIGH | Paragon Active Assurance Control Center: Information disclosure vulnerability in crafted URL | EPSS 0.9%
CVE-2021-0260 | HIGH | Junos OS: SNMP fails to properly perform authorization checks on incoming received SNMP requests. | EPSS 0.9%
CVE-2017-10611 | MEDIUM | Junos: EX Series PFE and MX MPC7E/8E/9E PFE crash when fetching interface stats with 'extended-statistics' enabled | EPSS 0.9%
CVE-2024-21619 | MEDIUM | Junos OS: SRX Series and EX Series: J-Web - unauthenticated access to temporary files containing sensitive information | EPSS 0.9%
CVE-2020-1607 | HIGH | Junos OS: Cross-Site Scripting (XSS) in J-Web | EPSS 0.9%
CVE-2021-0266 | HIGH | cSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services. | EPSS 0.9%
CVE-2017-10604 | MEDIUM | Junos OS: SRX Series: Cluster configuration sync failures occur if the root user account is locked out | EPSS 0.9%
CVE-2020-1676 | HIGH | Juniper Networks Mist Cloud UI: SAML authentication response handling vulnerability. | EPSS 0.9%
CVE-2021-0226 | HIGH | Junos OS Evolved: The IPv6 BGP session will flap due to receipt of a specific IPv6 packet | EPSS 0.9%
CVE-2021-0269 | HIGH | Junos OS: J-Web can be compromised through reflected client-side HTTP parameter pollution attacks. | EPSS 0.9%
CVE-2022-22209 | HIGH | Junos OS: RIB and PFEs can get out of sync due to a memory leak caused by interface flaps or route churn | EPSS 0.9%
CVE-2019-0041 | MEDIUM | Junos OS: EX4300-MP Series: IP transit traffic can reach the control plane via loopback interface. | EPSS 0.9%