Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-0288

Summary
Assigner-juniper
Assigner Org ID-8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At-15 Jul, 2021 | 20:01
Updated At-17 Sep, 2024 | 02:10
Rejected At-
Credits

Junos OS: MX Series, EX9200 Series: FPC may crash upon receipt of specific MPLS packet affecting Trio-based MPCs

A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition. Continued receipt of this packet will sustain the Denial of Service (DoS) condition. This issue only affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2;

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:juniper
Assigner Org ID:8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At:15 Jul, 2021 | 20:01
Updated At:17 Sep, 2024 | 02:10
Rejected At:
▼CVE Numbering Authority (CNA)
Junos OS: MX Series, EX9200 Series: FPC may crash upon receipt of specific MPLS packet affecting Trio-based MPCs

A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition. Continued receipt of this packet will sustain the Denial of Service (DoS) condition. This issue only affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2;

Affected Products
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Platforms
  • MX Series, EX9200 Series
Versions
Affected
  • From 17.3 before 17.3R3-S12 (custom)
  • From 17.4 before 17.4R2-S13, 17.4R3-S5 (custom)
  • From 18.1 before 18.1R3-S13 (custom)
  • From 18.2 before 18.2R3-S8 (custom)
  • From 18.3 before 18.3R3-S5 (custom)
  • From 18.4 before 18.4R2-S8, 18.4R3-S8 (custom)
  • From 19.1 before 19.1R3-S5 (custom)
  • From 19.2 before 19.2R3-S2 (custom)
  • From 19.3 before 19.3R2-S6, 19.3R3-S3 (custom)
  • From 19.4 before 19.4R1-S4, 19.4R1-S4, 19.4R2-S4, 19.4R3-S2 (custom)
  • From 20.1 before 20.1R3 (custom)
  • From 20.2 before 20.2R2-S2, 20.2R3 (custom)
  • From 20.3 before 20.3R2 (custom)
  • From 20.4 before 20.4R2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-754CWE-754 Improper Check for Unusual or Exceptional Conditions
Type: CWE
CWE ID: CWE-754
Description: CWE-754 Improper Check for Unusual or Exceptional Conditions
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S8, 18.4R3-S8, 19.1R3-S5, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R2-S4, 19.4R3-S2, 20.1R3, 20.2R2-S2, 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases.

Configurations
Workarounds

There are no viable workarounds for this issue.

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.juniper.net/JSA11190
x_refsource_CONFIRM
Hyperlink: https://kb.juniper.net/JSA11190
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.juniper.net/JSA11190
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.juniper.net/JSA11190
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:sirt@juniper.net
Published At:15 Jul, 2021 | 20:15
Updated At:29 Jul, 2021 | 14:20

A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition. Continued receipt of this packet will sustain the Denial of Service (DoS) condition. This issue only affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2;

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.03.3LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s10:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s11:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s6:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s7:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s8:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.3
cpe:2.3:o:juniper:junos:17.3:r3-s9:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s10:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s11:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s12:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r3-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>17.4
cpe:2.3:o:juniper:junos:17.4:r3-s4:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-754Primarynvd@nist.gov
CWE-754Secondarysirt@juniper.net
CWE ID: CWE-754
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-754
Type: Secondary
Source: sirt@juniper.net
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.juniper.net/JSA11190sirt@juniper.net
Vendor Advisory
Hyperlink: https://kb.juniper.net/JSA11190
Source: sirt@juniper.net
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

209Records found
CVE-2026-33781
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.02% / 5.15%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:35
Updated-17 Apr, 2026 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packets are received, memory leaks and eventually no traffic is passed

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS). On EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS: * 24.4 releases before 24.4R2, * 25.2 releases before 25.2R1-S1, 25.2R2. This issue does not affect Junos OS releases before 24.4R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4000ex4300qfx5200qfx5230-64cdjunosqfx5700ex4600qfx5120qfx5240qfx5110qfx5210ex4100-fex4100qfx5241ex4650qfx5220ex4400qfx5130ex4100-hJunos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-0068
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.22%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets

The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R2-S4, 18.2R3; 18.3 versions prior to 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S1, 19.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4200srx340srx550_hmsrx4100srx220srx240srx3600vsrxsrx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600csrxsrx1500Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-28974
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 26.46%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: In a BBE scenario upon receipt of specific malformed packets from subscribers the process bbe-smgd will crash

An Improper Check for Unusual or Exceptional Conditions vulnerability in the bbe-smgd of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In a Broadband Edge / Subscriber Management scenario on MX Series when a specifically malformed ICMP packet addressed to the device is received from a subscriber the bbe-smgd will crash, affecting the subscriber sessions that are connecting, updating, or terminating. Continued receipt of such packets will lead to a sustained DoS condition. When this issue happens the below log can be seen if the traceoptions for the processes smg-service are enabled: BBE_TRACE(TRACE_LEVEL_INFO, "%s: Dropped unsupported ICMP PKT ... This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S2, 22.3R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx960mx240mx10008mx150mx10mx2020mx10003mx10016mx2010mx5mxmx10000mx204mx480mx104junosmx80mx40Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2022-22238
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.79%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 02:46
Updated-10 May, 2025 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: The rpd process will crash when a malformed incoming RESV message is processed

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2022-22196
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 15:50
Updated-16 Sep, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: The rpd CPU spikes to 100% after a malformed ISIS TLV has been received

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-47503
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.37%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:32
Updated-26 Jan, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX4600 and SRX5000 Series: Sequence of specific PIM packets causes a flowd crash

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Denial-of-Service (DoS). If in a multicast scenario a sequence of specific PIM packets is received, this will cause a flowd crash and restart, which leads to momentary service interruption. This issue affects Junos OS on SRX 4600 and SRX 5000 Series: * All versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.3 versions before 22.3R3-S4, * 22.4 versions before 22.4R3-S4, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2,  * 24.2 versions before 24.2R1-S1, 24.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5600srx5400junossrx4600srx5800Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2022-22217
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.49%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 14:15
Updated-17 Sep, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX10K Series: Denial of Service (DoS) upon receipt of crafted MLD packets on multi-homing ESI in VXLAN

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). The issue is caused by malformed MLD packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. These MLD packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule. This issue only affects QFX10K Series switches, including the QFX10002, QFX10008, and QFX10016. Other products and platforms are unaffected by this vulnerability. This issue affects Juniper Networks Junos OS on QFX10K Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfx10002qfx10016junosqfx10008Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-0228
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:36
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: DDoS LACP violation upon receipt of specific layer 2 frames in EVPN-VXLAN deployment

An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to trigger unexpectedly, resulting in traffic impact. Continued receipt and processing of this specific Layer 2 frames will sustain the Denial of Service (DoS) condition. An indication of compromise is to check DDOS LACP violations: user@device> show ddos-protection protocols statistics brief | match lacp This issue only affects the MX Series platforms with Trio-based MPC. No other products or platforms are affected. This issue affects: Juniper Networks Junos OS on MX Series: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2;

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx5mx960mx240mx204mx480mx104mx150junosmx10mx80mx40Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-0287
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.68%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 20:01
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: RPD could crash in SR-ISIS/MPLS environment due to a flap of an ISIS link in the network

In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued link flaps will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 19.4 versions prior to 19.4R1-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; Juniper Networks Junos OS Evolved: 20.3-EVO versions prior to 20.3R2-EVO; 20.4-EVO versions prior to 20.4R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-0239
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.11%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: Denial of Service due to receipt of specific genuine layer 2 frames.

In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolved
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-21910
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.49%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:23
Updated-25 Feb, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX4k Series, QFX5k Series: In an EVPN-VXLAN configuration link flaps cause Inter-VNI traffic drop

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS). On all EX4k and QFX5k platforms, a link flap in an EVPN-VXLAN configuration Link Aggregation Group (LAG) results in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination. This issue is only applicable to systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650. Service can only be restored by restarting the affected FPC via the 'request chassis fpc restart slot <slot-number>' command. This issue affects Junos OS on EX4k and QFX5k Series:  * all versions before 21.4R3-S12,  * all versions of 22.2 * from 22.4 before 22.4R3-S8,  * from 23.2 before 23.2R2-S5,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4300qfx5230-64cdqfx5110qfx5200qfx5240ex4000ex4100-fqfx5210ex4100-hqfx5220ex4100qfx5130ex4400ex4650ex4600qfx5241qfx5120junosqfx5700Junos OS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-39517
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.48%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 23:06
Updated-07 Feb, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Upon processing specific L2 traffic, rpd can hang in devices with EVPN/VXLAN configured

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS). In an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services. This issue affects both IPv4 and IPv6 implementations. This issue affects Junos OS: All versions earlier than 21.4R3-S7; 22.1 versions earlier than 22.1R3-S5; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S3; 22.4 versions earlier than 22.4R3-S2; 23.2 versions earlier than 23.2R2; 23.4 versions earlier than 23.4R1-S1. Junos OS Evolved: All versions earlier than 21.4R3-S7-EVO; 22.1-EVO versions earlier than 22.1R3-S5-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S3-EVO; 22.4-EVO versions earlier than 22.4R3-S2-EVO; 23.2-EVO versions earlier than 23.2R2-EVO; 23.4-EVO versions earlier than 23.4R1-S1-EVO, 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-39535
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.48%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 16:09
Updated-22 Jan, 2026 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: ACX 7000 Series: When specific traffic is received in a VPLS scenario evo-pfemand crashes

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When a device has a Layer 3 or an IRB interface configured in a VPLS instance and specific traffic is received, the evo-pfemand processes crashes which causes a service outage for the respective FPC until the system is recovered manually. This issue only affects Junos OS Evolved 22.4R2-S1 and 22.4R2-S2 releases and is fixed in 22.4R3. No other releases are affected.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-acx7020acx7100acx7024acx7024xjunos_os_evolvedacx7300acx7509Junos OS Evolved
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-39519
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.24% / 47.50%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 15:55
Updated-23 Sep, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: ACX 7000 Series: Multicast traffic is looped in a multihoming EVPN MPLS scenario

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). On all ACX 7000 Series platforms running Junos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic. This issue affects Junos OS Evolved:  All versions from 22.2R1-EVO and later versions before 22.4R2-EVO, This issue does not affect Junos OS Evolved versions before 22.1R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-acx7024xjunos_os_evolvedacx7100-48lacx7100-32cacx7332acx7509acx7348acx7024Junos OS Evolved
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-28965
Matching Score-10
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 60.01%
||
7 Day CHG+0.14%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX10002: Failure of storm control feature may lead to Denial of Service

An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Storm control monitors the level of applicable incoming traffic and compares it with the level specified. If the combined level of the applicable traffic exceeds the specified level, the switch drops packets for the controlled traffic types. This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfx10002junosJunos OS
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-0208
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.79%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 17:35
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet.

An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the Denial of Service. This issue affects: Juniper Networks Junos OS: All versions prior to 17.3R3-S10 except 15.1X49-D240 for SRX series; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R3-S3; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 15.1X49 versions prior to 15.1X49-D240 on SRX Series. Juniper Networks Junos OS Evolved: 19.3 versions prior to 19.3R2-S5-EVO; 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S4-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5400srx5800srx380srx4200srx550srx300srx340srx320junos_os_evolvedsrx5600junossrx4100srx4600srx1500Junos OSJunos OS Evolved
CWE ID-CWE-20
Improper Input Validation
CVE-2021-0209
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.68%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 17:35
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: Receipt of certain valid BGP update packets from BGP peers may cause RPD to core when using REGEX.

In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolved
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2025-30647
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 19:53
Updated-26 Jan, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: Subscriber login/logout activity will lead to a memory leak

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash.                 user@host> show chassis fpc                                        Temp    CPU Utilization (%)   CPU Utilization (%)   Memory     Utilization (%)                       Slot State       (C)     Total   Interrupt     1min   5min  15min    DRAM (MB)  Heap   Buffer                       2 Online         36       10         0          9     8     9        32768      26         0                                                                                                       This issue affects Junos OS on MX Series: * All versions before 21.2R3-S9 * from 21.4 before 21.4R3-S10 * from 22.2 before 22.2R3-S6 * from 22.4 before 22.4R3-S5 * from 23.2 before 23.2R2-S3 * from 23.4 before 23.4R2-S3 * from 24.2 before 24.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx304mx2010mx204mx10004mx10008mx960mx240junosmx480mx2020Junos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-30653
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6||MEDIUM
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 19:57
Updated-23 Jan, 2026 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: LSP flap in a specific MPLS scenario leads to rpd crash

An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * All versions before 22.2R3-S4, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2. Junos OS Evolved: * All versions before 22.2R3-S4-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2025-21602
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.64%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 16:49
Updated-26 Jan, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Receipt of specially crafted BGP update packet causes RPD crash

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS:  * from 21.4 before 21.4R3-S9,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R1-S2, 24.2R2;  This issue does not affect versions prior to 21.1R1. Junos OS Evolved:  * from 21.4 before 21.4R3-S9-EVO,  * from 22.2 before 22.2R3-S5-EVO,  * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S5-EVO,  * from 23.2 before 23.2R2-S3-EVO,  * from 23.4 before 23.4R2-S3-EVO,  * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect versions prior to 21.1R1-EVO

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2018-0063
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.27%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 18:00
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Nexthop index allocation failed: private index space exhausted after incoming ARP requests to management interface

A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces (IRIs) next-hop limit. Once the IRI next-hop database is full, no further next hops can be learned and existing entries cannot be cleared, leading to a sustained denial of service (DoS) condition. An indicator of compromise for this issue is the report of the following error message: %KERN-4: Nexthop index allocation failed: private index space exhausted This issue only affects the management interface, and does not impact regular transit traffic through the FPCs. This issue also only affects Junos OS 17.3R3. No prior versions of Junos OS are affected by this issue. Affected releases are Juniper Networks Junos OS: 17.3R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21593
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 16:41
Updated-26 Jan, 2026 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: On SRv6 enabled devices, an attacker sending a malformed BGP update can cause the rpd to crash

An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition.  This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects Junos OS:  * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4,  * from 22.4 before 22.4R3-S3,  * from 23.2 before 23.2R2-S2,  * from 23.4 before 23.4R2; and Junos OS Evolved:  * All versions before 21.2R3-S9-EVO,  * from 21.4-EVO before 21.4R3-S10-EVO,  * from 22.2-EVO before 22.2R3-S5-EVO,  * from 22.3-EVO before 22.3R3-S4-EVO,  * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S2-EVO,  * from 23.4-EVO before 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-664
Improper Control of a Resource Through its Lifetime
CVE-2025-21595
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.57%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 19:50
Updated-26 Jan, 2026 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: In an EVPN-VXLAN scenario specific ARP or NDP packets cause FPC to crash

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart. This issue does not affect MX Series platforms. Heap size growth on FPC can be seen using below command. user@host> show chassis fpc                     Temp CPU Utilization (%) CPU Utilization (%) Memory   Utilization (%) Slot State           (C) Total Interrupt     1min   5min   15min   DRAM (MB)   Heap   Buffer   0 Online           45     3         0       2       2      2       32768      19       0 <<<<<<< Heap increase in all fPCs This issue affects Junos OS: * All versions before 21.2R3-S7, * 21.4 versions before 21.4R3-S4, * 22.2 versions before 22.2R3-S1,  * 22.3 versions before 22.3R3-S1,  * 22.4 versions before 22.4R2-S2, 22.4R3. and Junos OS Evolved: * All versions before 21.2R3-S7-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO,  * 22.3-EVO versions before 22.3R3-S1-EVO,  * 22.4-EVO versions before 22.4R3-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-21600
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.76%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 16:49
Updated-26 Jan, 2026 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems configured in either of two ways: * systems with BGP traceoptions enabled * systems with BGP family traffic-engineering (BGP-LS) configured and can be exploited from a directly connected and configured BGP peer.  This issue affects iBGP and eBGP with any address family configured, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS:  * from 21.4 before 21.4R3-S9,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4,  * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R1-S2, 24.2R2;  Junos OS Evolved:  * from 21.4-EVO before 21.4R3-S9-EVO,  * from 22.2-EVO before 22.2R3-S5-EVO,  * from 22.3-EVO before 22.3R3-S4-EVO,  * from 22.4-EVO before 22.4R3-S5-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S2-EVO,  * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect versions of Junos OS prior to 21.3R1. This issue does not affect versions of Junos OS Evolved prior to 21.3R1-EVO. This is a similar, but different vulnerability than the issue reported as CVE-2024-39516.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1670
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 20:31
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX4300 Series: High CPU load due to receipt of specific IPv4 packets

On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic interruption. This specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter to the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS on EX4300 series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S3, 20.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosex4300Junos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-0214
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.88%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:36
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Denial of Service in ppmd upon receipt of malformed packet

A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Juniper Networks Junos OS may cause receipt of a malformed packet to crash and restart the PPMD process, leading to network destabilization, service interruption, and a Denial of Service (DoS) condition. Continued receipt and processing of these malformed packets will repeatedly crash the PPMD process and sustain the Denial of Service (DoS) condition. Due to the nature of the specifically crafted packet, exploitation of this issue requires direct, adjacent connectivity to the vulnerable component. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0063
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.70%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: jdhcpd crash when receiving a specific crafted DHCP response message

When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface. The daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue only affects systems configured with DHCPv6 enabled. DHCPv4 is unaffected by this issue. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S5 on MX Series; 16.1 versions prior to 16.1R7-S5 on MX Series; 16.2 versions prior to 16.2R2-S10 on MX Series; 17.1 versions prior to 17.1R3-S1 on MX Series; 17.2 versions prior to 17.2R3-S2 on MX Series; 17.3 versions prior to 17.3R3-S6 on MX Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on MX Series; 18.1 versions prior to 18.1R3-S6 on MX Series; 18.2 versions prior to 18.2R2-S4, 18.2R3 on MX Series; 18.2X75 versions prior to 18.2X75-D50 on MX Series; 18.3 versions prior to 18.3R1-S5, 18.3R3 on MX Series; 18.4 versions prior to 18.4R2 on MX Series; 19.1 versions prior to 19.1R1-S2, 19.1R2 on MX Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx960mx240mx10008mx150mx10mx2020mx10003mx10016mx2010mx5mx204mx480mx104junosmx80mx40vmxJunos OS
CVE-2026-33780
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.02% / 5.19%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:29
Updated-17 Apr, 2026 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS). In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald. Use the following command to monitor the memory consumption by l2ald: user@device> show system process extensive | match "PID|l2ald" This issue affects: Junos OS: * all versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S5-EVO, * 23.2 versions before 23.2R2-S3-EVO, * 23.4 versions before 23.4R2-S4-EVO, * 24.2 versions before 24.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosjunos_os_evolvedJunos OS EvolvedJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-44203
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.72%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:06
Updated-17 Sep, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: Packet flooding will occur when IGMP traffic is sent to an isolated VLAN

An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4400qfx5210-64cqfx5220ex2300-24tex2300-48pqfx5210qfx5110ex2300-24mpqfx5120qfx5100ex2300-48tex3400ex2300qfx5200-48yqfx5130qfx5100-96sex4100-fex2300-48mpex4100ex2300mqfx5200ex4600ex2300-24pqfx5200-32cjunosex2300-cJunos OS
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2026-33782
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.05% / 14.55%
||
7 Day CHG+0.01%
Published-09 Apr, 2026 | 21:29
Updated-17 Apr, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS). In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered. The memory usage of jdhcpd can be monitored with: user@host> show system processes extensive | match jdhcpd This issue affects Junos OS: * all versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx204mx2008mx10004mx10008mx2020mx960mx301mx240mx304mx2010mx480junosJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2026-33775
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.96%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:30
Updated-17 Apr, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: Mismatch between configured and received packet types causes memory leak in bbe-smgd

A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory available to bbe-smgd has been consumed, no new subscribers will be able to login. The memory utilization of bbe-smgd can be monitored with the following show command: user@host> show system processes extensive | match bbe-smgd The below log message can be observed when this limit has been reached: bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion This issue affects Junos OS on MX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx204mx2008mx10004mx10008mx2020mx960mx301mx240mx304mx2010mx480junosJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-0046
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.18%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 19:40
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: EX4300 Series: Denial of Service upon receipt of large number of specific valid packets on management interface.

A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. A reboot of the device is required to restore service. Continued receipt of these valid broadcast packets will create a sustained Denial of Service (DoS) against the device. Affected releases are Juniper Networks Junos OS: 16.1 versions above and including 16.1R1 prior to 16.1R7-S5; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-0067
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.68%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Kernel crash (vmcore) upon receipt of a specific link-local IPv6 packet on devices configured with Multi-Chassis Link Aggregation Group (MC-LAG)

Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3. This issue does not affect Juniper Networks Junos OS version 15.1 and prior versions.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CVE-2019-0038
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.31%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 20:13
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SRX Series: Crafted packets destined to fxp0 management interface on SRX340/SRX345 devices can lead to DoS

Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345; 17.3 on SRX340/SRX345; 17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345; 18.1 versions prior to 18.1R3-S1 on SRX340/SRX345; 18.2 versions prior to 18.2R2 on SRX340/SRX345; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345. This issue does not affect Junos OS releases prior to 15.1X49 on any platform.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junossrx340srx345Junos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-36834
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.50%
||
7 Day CHG~0.00%
Published-14 Jul, 2023 | 17:04
Updated-22 Oct, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX 4600 and SRX 5000 Series: The receipt of specific genuine packets by SRXes configured for L2 transparency will cause a DoS

An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS). If an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted. This issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series: 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx5400srx5800srx5600junossrx4600Junos OS
CWE ID-CWE-372
Incomplete Internal State Distinction
CVE-2023-36833
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.61%
||
7 Day CHG~0.00%
Published-14 Jul, 2023 | 16:56
Updated-22 Oct, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202: The aftman-bt process will crash in a MoFRR scenario after multiple link flaps

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service. An indication that the system experienced this issue is the following log message:   <date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202: 21.2 version 21.2R1-EVO and later versions; 21.3 version 21.3R1-EVO and later versions; 21.4 versions prior to 21.4R3-S3-EVO; 22.1 version 22.1R1-EVO and later versions; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R3-EVO; 22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedptx10001-36mrptx10008ptx10004ptx10016Junos OS Evolved
CWE ID-CWE-416
Use After Free
CVE-2023-36842
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:48
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: jdhcpd will hang on receiving a specific DHCP packet

An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS). On Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2023-36848
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.38%
||
7 Day CHG~0.00%
Published-14 Jul, 2023 | 17:52
Updated-22 Oct, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: The FPC will crash on receiving a malformed CFM packet

An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface. This issue affects Juniper Networks Junos OS: versions prior to 19.1R3-S10 on MX Series; 19.2 versions prior to 19.2R3-S7 on MX Series; 19.3 versions prior to 19.3R3-S8 on MX Series; 19.4 versions prior to 19.4R3-S12 on MX Series; 20.1 version 20.1R1 and later versions on MX Series; 20.2 versions prior to 20.2R3-S8 on MX Series; 20.3 version 20.3R1 and later versions on MX Series; 20.4 versions prior to 20.4R3-S7 on MX Series; 21.1 versions prior to 21.1R3-S5 on MX Series; 21.2 versions prior to 21.2R3-S5 on MX Series; 21.3 versions prior to 21.3R3-S4 on MX Series; 21.4 versions prior to 21.4R3-S4 on MX Series; 22.1 versions prior to 22.1R3-S3 on MX Series; 22.2 versions prior to 22.2R3-S1 on MX Series; 22.3 versions prior to 22.3R3 on MX Series; 22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx960mx240mx10008mx150mx10mx2020mx10003mx10016mx2010mx5mx10000mx204mx480mx104junosmx80mx40Junos OS
CWE ID-CWE-232
Improper Handling of Undefined Values
CVE-2023-36850
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.40%
||
7 Day CHG~0.00%
Published-14 Jul, 2023 | 18:06
Updated-22 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: An MPC will crash upon receipt of a malformed CFM packet.

An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management(CFM) module of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an adjacent attacker on the local broadcast domain to cause a Denial of Service(DoS). Upon receiving a malformed CFM packet, the MPC crashes. Continued receipt of these packets causes a sustained denial of service. This issue can only be triggered when CFM hasn't been configured. This issue affects: Juniper Networks Junos OS All versions prior to 19.1R3-S10 on MX Series; 19.2 versions prior to 19.2R3-S7 on MX Series; 19.3 versions prior to 19.3R3-S8 on MX Series; 19.4 versions prior to 19.4R3-S12 on MX Series; 20.1 version 20.1R1 and later versions on MX Series; 20.2 versions prior to 20.2R3-S7 on MX Series; 20.3 version 20.3R1 and later versions on MX Series; 20.4 versions prior to 20.4R3-S7 on MX Series; 21.1 versions prior to 21.1R3-S5 on MX Series; 21.2 versions prior to 21.2R3-S4 on MX Series; 21.3 versions prior to 21.3R3-S4 on MX Series; 21.4 versions prior to 21.4R3-S3 on MX Series; 22.1 versions prior to 22.1R3-S2 on MX Series; 22.2 versions prior to 22.2R3 on MX Series; 22.3 versions prior to 22.3R2, 22.3R3 on MX Series; 22.4 versions prior to 22.4R2 on MX Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx960mx240mx10008mx150mx10mx2020mx10003mx10016mx2010mx5mx10000mx204mx480mx104junosmx80mx40Junos OS
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CVE-2023-36839
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.65%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 22:56
Updated-18 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: An l2cpd crash will occur when specific LLDP packets are received

An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS). This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2; Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 version 21.1R1-EVO and later versions; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S3-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R1-S1-EVO;

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2019-0011
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.39%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 21:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Kernel crash after processing specific incoming packet to the out of band management interface (CVE-2019-0011)

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 17.2X75 versions prior to 17.2X75-D110; 18.1 versions prior to 18.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CVE-2023-28981
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.65%
||
7 Day CHG+0.17%
Published-17 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: If malformed IPv6 router advertisements are received, memory corruption will occur which causes an rpd crash

An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28970
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.81%
||
7 Day CHG+0.15%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: JRR200: Kernel crash upon receipt of a specific packet

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by an attacker on the local broadcast domain. Packets routed to the device are unable to trigger this crash. This issue affects Juniper Networks Junos OS on JRR200: All versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S2, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosjrr200Junos OS
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2023-28959
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.78%
||
7 Day CHG+0.02%
Published-17 Apr, 2023 | 00:00
Updated-03 Mar, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX10002: PFE wedges and restarts upon receipt of specific malformed packets

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than the inbound PFE to wedge and to eventually restart, resulting in a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by sending a specific malformed packet to the device. Transit traffic does not trigger this issue. An indication of this issue occurring can be seen through the following log messages: fpc0 expr_hostbound_packet_handler: Receive pe 73? fpc0 Cmerror Op Set: PE Chip: PE0[0]: PGQ:misc_intr: 0x00000020: Enqueue of a packet with out-of-range VOQ in 192K-VOQ mode (URI: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL) The logs list below can also be observed when this issue occurs fpc0 Error: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL (0x210107), scope: pfe, category: functional, severity: major, module: PE Chip, type: Description for PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL fpc0 Performing action cmalarm for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL (0x210107) in module: PE Chip with scope: pfe category: functional level: major fpc0 Error: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a), scope: pfe, category: functional, severity: fatal, module: PE Chip, type: Description for PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE fpc0 Performing action cmalarm for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a) in module: PE Chip with scope: pfe category: functional level: fatal fpc0 Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a) in module: PE Chip with scope: pfe category: functional level: fatal This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.1R3-S10; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfx10002junosJunos OS
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2023-22410
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.19%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series with MPC10/MPC11: When Suspicious Control Flow Detection (scfd) is enabled and an attacker is sending specific traffic, this causes a memory leak.

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled. Upon enabling this specific feature, an attacker sending specific traffic is causing memory to be allocated dynamically and it is not freed. Memory is not freed even after deactivating this feature. Sustained processing of such traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. The FPC memory usage can be monitored using the CLI command "show chassis fpc". On running the above command, the memory of AftDdosScfdFlow can be observed to detect the memory leak. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 20.2R3-S5; 20.3 version 20.3R1 and later versions.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx960mx240mx10008mx150mx10mx2020mx10003mx10016mx2010mx5mx10000mx204mx480mx104junosmx80mx40Junos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-22406
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: A memory leak which will ultimately lead to an rpd crash will be observed when a peer interface flaps continuously in a Segment Routing scenario using OSPF

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command "show task memory detail" as shown in the following example: user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-22414
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: PTX Series and QFX10000 Series: An FPC memory leak is observed when specific EVPN VXLAN Multicast packets are processed

A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC heap memory leak is observed. The FPC memory usage can be monitored using the CLI command "show heap extensive". Following is an example output. ID Base Total(b) Free(b) Used(b) % Name Peak used % -- -------- --------- --------- --------- --- ----------- ----------- 0 37dcf000 3221225472 1694526368 1526699104 47 Kernel 47 1 17dcf000 1048576 1048576 0 0 TOE DMA 0 2 17ecf000 1048576 1048576 0 0 DMA 0 3 17fcf000 534773760 280968336 253805424 47 Packet DMA 47 This issue affects: Juniper Networks Junos OS PTX Series and QFX10000 Series 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.1R1 on PTX Series and QFX10000 Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfx10008qfx10002junosqfx10002-32qqfx10000qfx10002-72qqfx10016qfx10002-60cJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-22405
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX5k Series, EX46xx Series: MAC limiting feature stops working after PFE restart or device reboot

An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with "service-provider/SP style" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfx5200-48yqfx5100-96sqfx5130ex4650qfx5210-64cqfx5220ex4600qfx5200qfx5200-32cqfx5210junosqfx5110qfx5120qfx5100ex4600-vcJunos OS
CWE ID-CWE-1250
Improper Preservation of Consistency Between Independent Representations of Shared State
CVE-2023-1697
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.93%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX10000 Series, PTX1000 Series: The dcpfe process will crash when a malformed ethernet frame is received

An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfx10008qfx10002junosqfx10000qfx10016ptx1000Junos OS
CWE ID-CWE-230
Improper Handling of Missing Values
CVE-2025-30646
Matching Score-8
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 19:53
Updated-26 Jan, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Receipt of a malformed LLDP TLV results in l2cpd crash

A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).  Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. When an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S6,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S4,  * from 24.2 before 24.2R2;  Junos OS Evolved:  * All versions before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO,  * from 22.4-EVO before 22.4R3-S6-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S4-EVO,  * from 24.2-EVO before 24.2R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-195
Signed to Unsigned Conversion Error
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found