Vulnerabilities in Juniper Networks

893 results
Vexday Analysis

With 893 CVEs catalogued and 7 confirmed as actively exploited by CISA KEV, the exploitation rate of Juniper Networks devices is 1.7× above the overall catalogue average, which indicates elevated operational risk for organizations that depend on these solutions. The most critical CVE under active exploitation at the moment is CVE-2023-36846, with an EPSS score of 0.9421, a value that signals a very high probability of exploitation in the short term and should be the focus of immediate remediation efforts. The most recurrent flaw type, CWE-754 (improper check for exceptional conditions), points to a structural weakness in error handling that tends to manifest across multiple components. With 38 critical-severity CVEs, 4 with a public proof of concept available, and 27 vulnerabilities that emerged in the last 90 days, the recent pace of exposure demands continuous monitoring and active patch prioritization.

| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2022-22244 | MEDIUM | Junos OS: Unauthenticated XPath Injection vulnerability in J-Web | 0.5% |
| CVE-2021-0296 | HIGH | CTPView: HSTS not being enforced on CTPView server. | 0.5% |
| CVE-2018-0053 | MEDIUM | vSRX Series: A local authentication vulnerability may lead to full control of a vSRX instance while the system is booting. | 0.5% |
| CVE-2023-28963 | MEDIUM | Junos OS: User-controlled input vulnerability in J-Web | 0.5% |
| CVE-2017-2344 | HIGH | Junos: Buffer overflow in sockets library | 0.5% |
| CVE-2024-21610 | MEDIUM | Junos OS: If in a scaled CoS scenario information on CoS state is gathered mgd processes get stuck | 0.5% |
| CVE-2024-30409 | MEDIUM | Junos OS and Junos OS Evolved: Higher CPU consumption on routing engine leads to Denial of Service (DoS). | 0.5% |
| CVE-2024-39529 | HIGH | Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash | 0.5% |
| CVE-2024-39551 | HIGH | Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop | 0.5% |
| CVE-2024-39530 | HIGH | Junos OS: Attempting to access specific sensors on platforms not supporting these will lead to a chassisd crash | 0.5% |
| CVE-2024-39542 | HIGH | Junos OS and Junos OS Evolved: A malformed CFM packet or specific transit traffic leads to FPC crash | 0.5% |
| CVE-2023-28978 | MEDIUM | Junos OS Evolved: Read access to some confidential user information is possible | 0.5% |
| CVE-2023-22412 | HIGH | Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if the SIP ALG is enabled and specific SIP messages are processed | 0.5% |
| CVE-2024-39549 | HIGH | Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak | 0.5% |
| CVE-2021-0267 | HIGH | Junos OS: Receipt of a crafted DHCP packet will cause the jdhcpd DHCP service to core. | 0.5% |
| CVE-2025-52988 | HIGH | Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout' | 0.5% |
| CVE-2016-4922 | HIGH | Junos: Privilege escalation vulnerabilities in Junos CLI | 0.5% |
| CVE-2025-52980 | HIGH | Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message | 0.5% |
| CVE-2024-30381 | HIGH | Paragon Active Assurance: probe_serviced exposes internal objects to local users | 0.5% |
| CVE-2026-33784 | CRITICAL | JSI Virtual Lightweight Collector: Default password is not required to be changed which allows unauthorized high-privileged access | 0.5% |