📦 Junos
by Juniper
🔍 What is Junos?
Based on FreeBSD with a modular architecture, Junos OS provides advanced routing protocols (BGP, OSPF, IS-IS, MPLS), switching features, security functions, traffic engineering, and network automation capabilities. Junos devices are commonly deployed as core routers, edge routers, data center spine-leaf switches, security gateways, and SD-WAN controllers supporting Juniper's MX, PTX, QFX, EX, and SRX product lines.
Security vulnerabilities in Junos OS can have critical impact on network availability, routing integrity, and internet stability. Common vulnerability types include authentication bypasses in J-Web interface, privilege escalation, denial-of-service affecting routing protocols, command injection, buffer overflows, and flaws in SNMP implementation, BGP processing, and IPsec VPN. Exploited vulnerabilities can enable unauthorized administrative access, network disruption, traffic interception, or routing hijacks affecting enterprise and carrier networks.
Organizations running Junos infrastructure should implement strict access controls, disable unused services (J-Web, FTP, Telnet), segment management networks, monitor Juniper security advisories, and maintain regular software updates. Network security teams should pay particular attention to internet-facing devices, VPN gateways, and critical routing infrastructure when assessing vulnerability exposure.
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
An out-of-bounds write vulnerability in Juniper J-Web interface allows unauthenticated attackers to execute arbitrary code with root privileges or cause denial of service. This affects Juniper SRX and...
This vulnerability allows unauthenticated attackers to remotely execute arbitrary code on Juniper EX Series switches and SRX Series firewalls by manipulating PHP environment variables. Attackers can e...
This vulnerability involves hard-coded credentials in Juniper Junos OS on NFX Series devices, allowing attackers to take over any NFX deployment instance through administrative interfaces. Only NFX Se...
This is a critical buffer overflow vulnerability in Juniper Junos OS overlayd service that handles VXLAN overlay OAM packets. Unauthenticated remote attackers can send specially crafted UDP packets to...
This vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows attackers to send specially crafted BGP FlowSpec messages that cause route advertisement disruptions, leading to denial of s...
A double free vulnerability in Juniper's flow processing daemon (flowd) allows unauthenticated attackers to cause denial-of-service by sending a specific sequence of TCP packets during session establi...
An unauthenticated attacker can send specially crafted DNS requests to Juniper SRX Series devices running vulnerable Junos OS versions, causing the flowd process to crash and restart. This results in ...
An unauthenticated attacker can cause a complete denial-of-service on vulnerable Juniper EX4000 switches by sending high volumes of traffic to the device. This triggers a crash and automatic restart o...
An improper locking vulnerability in Juniper SRX Series GTP plugin allows unauthenticated attackers to cause denial-of-service by sending malformed GTP Modify Bearer Request messages. This causes a wa...
An unauthenticated attacker can cause a denial-of-service on Juniper SRX Series firewalls by sending specially crafted SSL packets to devices with UTM Web-Filtering enabled. This causes FPC crashes an...
An unauthenticated attacker can crash the packet forwarding engine on vulnerable Juniper SRX Series devices by sending a specific ICMP packet through a GRE tunnel when PowerMode IPsec and GRE performa...
A use-after-free vulnerability in Juniper's 802.1X authentication daemon (dot1xd) allows authenticated, network-adjacent attackers to crash the daemon or potentially execute arbitrary code as root. Th...
An unauthenticated attacker can send specially crafted SIP messages over TCP to trigger an infinite loop in Juniper's SIP ALG, crashing critical processes and causing a denial of service. This affects...
A vulnerability in Juniper's DHCP service allows a DHCP client in one subnet to exhaust address pools in other subnets, causing Denial of Service on downstream DHCP servers. This affects Junos OS and ...
A buffer over-read vulnerability in Juniper's routing protocol daemon (rpd) allows unauthenticated attackers to cause denial-of-service by sending specially crafted BGP updates. The vulnerability affe...
An unauthenticated network attacker can cause a denial-of-service by sending a specific BGP EVPN update message to Juniper Junos OS and Junos OS Evolved devices, crashing the routing protocol daemon. ...
An uninitialized resource vulnerability in Juniper SRX4700 devices with forwarding-options sampling enabled allows unauthenticated network attackers to cause FPC line card crashes by sending traffic t...
This vulnerability allows network-based, unauthenticated attackers to gain root access to Juniper Junos OS VM Host systems even after the configured public key has been removed. Attackers who possess ...
An unauthenticated network attacker can cause Juniper SRX300 Series firewalls to crash and restart by sending specially crafted BGP updates. This affects Junos OS versions 22.1-23.4 with vulnerable rp...
A local privilege escalation vulnerability in Juniper Junos OS allows low-privileged users to place scripts that execute as root during system boot on specific line cards. This could give attackers co...
An unauthenticated attacker can cause denial-of-service on Juniper MX Series routers by sending high rates of specific GRE traffic. This causes the Packet Forwarding Engine to hang, stopping all traff...
An unauthenticated network attacker can cause sustained denial-of-service on Juniper MX and SRX series devices by sending specially crafted SIP invites. The vulnerability triggers memory corruption in...
An unauthenticated attacker can cause a denial-of-service on Juniper SRX Series firewalls by sending specific HTTP content that triggers a memory leak in Anti-Virus processing. This affects all SRX pl...
An unauthenticated adjacent attacker can send a malformed DHCP packet to crash the Juniper DHCP daemon (jdhcpd) when dhcp-security is enabled, causing DHCP service denial. The service automatically re...
An unauthenticated network attacker can send a specific ICMPv6 packet to cause the routing protocol daemon (rpd) to crash and restart, leading to denial of service. This affects Juniper Networks Junos...
A heap-based buffer overflow vulnerability in Juniper Networks Junos OS flexible PIC concentrator (FPC) allows attackers to send specific DHCP packets to cause FPC crashes and denial of service. Under...
An unauthenticated attacker can send specially crafted network traffic to Juniper devices to cause CPU exhaustion and denial of service. This affects Juniper SRX, EX, MX, and QFX series devices runnin...
This vulnerability in Juniper Networks Junos OS on MX Series routers allows crafted IPv6 traffic to cause a denial of service by permanently blocking NAT ports in DS-Lite scenarios. When exploited, us...
A double-free vulnerability in Juniper Junos OS and Junos OS Evolved routing process daemon (rpd) allows attackers to cause denial of service by sending malformed BGP path attribute updates. This affe...
An out-of-bounds read vulnerability in Juniper Junos OS and Junos OS Evolved routing protocol daemon (rpd) allows unauthenticated attackers to crash the daemon by sending malformed BGP packets when pa...
An unauthenticated attacker can send a specially crafted malformed packet to cause a flowd crash and restart on non-clustered SRX5000 Series devices, resulting in denial of service. This affects Junip...
An unauthenticated attacker can send specific HTTPS requests to Juniper Junos OS devices, causing uncontrolled process creation that leads to resource exhaustion and device crashes. This affects SRX, ...
An unauthenticated attacker can cause denial of service by sending a specially crafted BGP update with a malformed AS PATH attribute to Juniper devices running vulnerable Junos OS versions with BMP co...
An unauthenticated attacker can send specific H.323 packets to Juniper SRX/MX Series devices, causing uncontrolled resource consumption that leads to traffic loss and denial of service. This affects J...
An unauthenticated network attacker can cause denial-of-service on affected Juniper devices by sending specific traffic that crashes critical packet processing components. This affects Juniper MX, ACX...
An unauthenticated attacker can cause a denial of service by sending specially crafted IPsec negotiation packets to Juniper devices running vulnerable versions of the IKE daemon (iked). This affects J...
An unauthenticated attacker can cause a denial-of-service by sending specific valid TCP traffic to affected Juniper devices, triggering a Packet Forwarding Engine crash and restart. This affects Junip...
This CVE describes a format string vulnerability in Juniper SRX Series firewalls that allows unauthenticated attackers to cause denial-of-service by crashing the Packet Forwarding Engine. The vulnerab...
A heap-based buffer overflow vulnerability in Juniper Networks Junos OS telemetry sensor process (sensord) causes memory leaks when specific telemetry subscriptions are active. This leads to gradual m...
This vulnerability allows remote attackers to cause denial of service by sending specially crafted BGP update messages to Juniper devices with segment routing enabled. Attackers can reset BGP sessions...
An unauthenticated network attacker can cause a denial-of-service by sending specific valid traffic to vulnerable Juniper SRX and NFX Series devices. This triggers a Packet Forwarding Engine crash and...
A stack-based buffer overflow vulnerability in Juniper's flowd daemon allows unauthenticated network attackers to cause denial of service by sending specific URL requests. This affects Junos OS on MX ...
An unauthenticated network attacker can cause a denial of service on Juniper SRX4600 devices by sending specific high-volume traffic that triggers a memory buffer handling error in the Packet Forwardi...
This vulnerability allows network-based attackers to cause a denial of service on Juniper devices by sending malicious routing updates that trigger memory corruption in the routing protocol daemon. On...
An unauthenticated network attacker can cause denial of service by sending a specially crafted BGP update with a malformed tunnel encapsulation TLV, causing the Routing Protocol Daemon (RPD) to crash ...
A Use After Free vulnerability in Juniper's chassis daemon allows authenticated low-privilege attackers to cause denial-of-service by repeatedly subscribing/unsubscribing telemetry collectors. This af...
A local Time-of-check Time-of-use race condition vulnerability in Juniper Junos OS on MX10k Series allows low-privileged users to cause line card crashes by repeatedly executing the 'show system firmw...
This CVE describes a memory leak vulnerability in Juniper's routing protocol daemon (rpd) that allows an adjacent IS-IS neighbor to send malicious update packets causing memory exhaustion. Continued e...
An unauthenticated network-adjacent attacker can cause denial of service by flapping an interface in EVPN-VXLAN configurations on affected Juniper devices. This causes traffic between VXLAN Network Id...
An unauthenticated attacker on an adjacent network can send a specially crafted malformed ICMPv4 packet to vulnerable Juniper Junos OS devices, causing the Forwarding Plane Card (FPC) to crash and res...
A stack-based buffer overflow vulnerability in Juniper Junos OS Packet Forwarding Engine allows authenticated low-privilege attackers to cause denial-of-service by crashing FPCs through telemetry sens...
A local untrusted pointer dereference vulnerability in Juniper Junos OS routing protocol daemon allows authenticated low-privilege users to cause denial-of-service by executing specific 'show route' c...
A local privilege escalation vulnerability in Juniper's DHCP daemon allows any authenticated user, regardless of privileges, to connect to the management Unix socket and issue administrative commands....
A local attacker with low privileges can cause a denial-of-service on Juniper Junos OS devices by executing a specially crafted 'show chassis' command. This crashes the chassis daemon, forcing reiniti...
An unauthenticated network attacker can send a specific BGP attribute to Juniper Junos devices, causing them to modify it incorrectly before forwarding to peers. This malformed attribute causes peers ...
This vulnerability allows authenticated network-based attackers to bypass password expiration policies on Juniper Junos OS and Junos OS Evolved devices. When a RADIUS server rejects a login due to an ...
An uninitialized pointer access vulnerability in Juniper's routing protocol daemon (rpd) with BGP sharding enabled allows attackers to cause route resolution churn through IGP route changes, leading t...
An origin validation error in Juniper EX4600 and QFX5000 Series devices allows attackers with physical access to create persistent backdoors when no root password is configured. This enables complete ...
A local privilege escalation vulnerability in Juniper Junos OS and Junos OS Evolved allows high-privileged local attackers to execute arbitrary commands as root by crafting malicious arguments to the ...
An incorrect authorization vulnerability in Juniper Junos OS on SRX Series allows unauthenticated attackers to access the J-Web management interface through unintended network interfaces. This affects...
An unauthenticated network attacker can cause a denial-of-service by sending a specific sequence of SIP calls to Juniper MX Series devices with MS-MPC cards running vulnerable Junos OS versions. This ...
A reachable assertion vulnerability in Juniper Junos OS and Junos OS Evolved routing protocol daemon allows adjacent unauthenticated attackers to cause denial of service by crashing rpd during BGP ses...
An unauthenticated network attacker can cause a denial of service by sending a specific BGP UPDATE packet to Juniper devices running vulnerable Junos OS versions. This causes the routing protocol daem...
An improper handling of exceptional conditions vulnerability in Juniper Junos OS on specific ACX Series platforms allows attackers to crash the Forwarding Engine Board (FEB) by flapping an interface c...
A vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer to crash the routing protocol daemon (rpd) by sending a specifically malformed BGP packet, causin...
An out-of-bounds write vulnerability in Juniper Junos OS CFM daemon allows unauthenticated adjacent attackers to crash FPC cards by sending malformed packets, causing denial of service. This affects M...
An expired pointer dereference vulnerability in Juniper's Routing Protocol Daemon (rpd) allows adjacent attackers to cause denial of service by triggering MPLS LSP flapping. This affects Junos OS and ...
A local privilege escalation vulnerability in Juniper Junos OS and Junos OS Evolved allows low-privileged users to cause a denial-of-service by running a specific BGP show command. This affects device...
A signed-to-unsigned conversion error in Juniper's Layer 2 Control Protocol daemon (l2cpd) allows an unauthenticated adjacent attacker to cause a denial of service by sending a specifically malformed ...
An unauthenticated, logically adjacent BGP peer can cause a denial of service by triggering a crash and restart of the routing protocol daemon (rpd) in Juniper Junos OS and Junos OS Evolved. This occu...
A local privilege escalation vulnerability in Juniper Junos OS kernel allows attackers with shell access to inject arbitrary code and compromise device integrity. This affects local attackers with hig...
An unauthenticated attacker can send malformed BGP UPDATE packets to Juniper devices with SRv6 enabled, causing the routing protocol daemon (rpd) to crash and restart, leading to denial of service. Th...
An out-of-bounds read vulnerability in Juniper's routing protocol daemon (rpd) allows unauthenticated, adjacent BGP peers to crash the service by sending malformed BGP packets, causing denial of servi...
A deadlock vulnerability in Juniper SRX Series packet forwarding engine allows unauthenticated network attackers to cause denial of service by sending large amounts of traffic through ATP Cloud inspec...
This vulnerability allows an unauthenticated attacker on the same network segment to cause a denial of service on Juniper MX Series routers with Trio-based FPCs. Repeated physical interface flap opera...