The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Junos OS

weakness CVE-2018-0732

OpenSSL: denial of service via Large DH Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 12/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0732, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10719319, ibm10729805, ibm10738401, ibm10743283, ibm10874728, JSA10919, K21665601, openSUSE-SU-2018:1906-1, openSUSE-SU-2018:2117-1, openSUSE-SU-2018:2129-1, openSUSE-SU-2018:2667-1, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2816-1, openSUSE-SU-2018:2855-1, openSUSE-SU-2018:3013-1, openSUSE-SU-2018:3015-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:1887-1, SUSE-SU-2018:1968-1, SUSE-SU-2018:2036-1, SUSE-SU-2018:2041-1, SUSE-SU-2018:2207-1, SUSE-SU-2018:2647-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2812-1, SUSE-SU-2018:2956-1, SUSE-SU-2018:2965-1, SUSE-SU-2019:1553-1, SYMSA1462, TNS-2018-14, TNS-2018-17, TSB17568, USN-3692-1, USN-3692-2, VIGILANCE-VUL-26375.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2018-0737

OpenSSL: information disclosure via RSA Constant Time Key Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 17/04/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0737, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10729805, ibm10743283, ibm10880781, JSA10919, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2957-1, openSUSE-SU-2018:3015-1, openSUSE-SU-2019:0152-1, openSUSE-SU-2019:1432-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:2486-1, SUSE-SU-2018:2492-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2928-1, SUSE-SU-2018:2965-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2019:0197-1, SUSE-SU-2019:0512-1, SUSE-SU-2019:1553-1, TNS-2018-14, TNS-2018-17, TSB17568, USN-3628-1, USN-3628-2, USN-3692-1, USN-3692-2, VIGILANCE-VUL-25884.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-0022

Junos OS: memory leak via MPLS/VPLS

Synthesis of the vulnerability

An attacker can create a memory leak via MPLS/VPLS of Junos OS, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 12/04/2018.
Identifiers: CERTFR-2018-AVI-184, CVE-2018-0022, JSA10855, VIGILANCE-VUL-25854.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create a memory leak via MPLS/VPLS of Junos OS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2018-0021

Junos OS: Man-in-the-Middle via Short MacSec Keys

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via Short MacSec Keys on Junos OS, in order to read or write data in the session.
Severity: 2/4.
Creation date: 12/04/2018.
Identifiers: CERTFR-2018-AVI-184, CVE-2018-0021, JSA10854, VIGILANCE-VUL-25853.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can act as a Man-in-the-Middle via Short MacSec Keys on Junos OS, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-0020

Junos OS: denial of service via BGP UPDATE

Synthesis of the vulnerability

An attacker can send malicious BGP UPDATE packets to Junos OS, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 12/04/2018.
Identifiers: CERTFR-2018-AVI-184, CVE-2018-0020, JSA10848, VIGILANCE-VUL-25850.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Junos OS product has a service to manage received BGP UPDATE packets.

However, when malicious BGP UPDATE packets are received, a fatal error occurs.

An attacker can therefore send malicious BGP UPDATE packets to Junos OS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2018-0019

Junos OS: denial of service via SNMP MIB-II Subagent Daemon

Synthesis of the vulnerability

An attacker can generate a fatal error via SNMP MIB-II Subagent Daemon of Junos OS, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 12/04/2018.
Identifiers: CERTFR-2018-AVI-184, CVE-2018-0019, JSA10847, VIGILANCE-VUL-25849.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via SNMP MIB-II Subagent Daemon of Junos OS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-0018

Junos OS: privilege escalation via IDP Policies

Synthesis of the vulnerability

An attacker can bypass restrictions via IDP Policies of Junos OS, in order to escalate his privileges.
Severity: 3/4.
Creation date: 12/04/2018.
Identifiers: CERTFR-2018-AVI-184, CVE-2018-0018, JSA10846, VIGILANCE-VUL-25848.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via IDP Policies of Junos OS, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2018-0017

Junos OS: denial of service via NAT-PT

Synthesis of the vulnerability

An attacker can generate a fatal error via NAT-PT of Junos OS, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 12/04/2018.
Identifiers: CERTFR-2018-AVI-184, CVE-2018-0017, JSA10845, VIGILANCE-VUL-25847.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via NAT-PT of Junos OS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2018-0016

Junos OS: denial of service via CLNP

Synthesis of the vulnerability

An attacker can send malicious CLNP packets to Junos OS, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 12/04/2018.
Identifiers: CERTFR-2018-AVI-184, CVE-2018-0016, JSA10844, VIGILANCE-VUL-25846.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Junos OS product has a service to manage received CLNP packets.

However, when malicious CLNP packets are received, a fatal error occurs.

An attacker can therefore send malicious CLNP packets to Junos OS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness bulletin CVE-2017-18258

libxml2: denial of service via xz_head

Synthesis of the vulnerability

An attacker can generate a fatal error via xz_head() of libxml2, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 09/04/2018.
Identifiers: bulletinapr2019, CERTFR-2018-AVI-288, CVE-2017-18258, DLA-1524-1, JSA10916, openSUSE-SU-2018:3107-1, SUSE-SU-2018:3081-1, TNS-2018-08, USN-3739-1, USN-3739-2, VIGILANCE-VUL-25798.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via xz_head() of libxml2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Junos OS: