According to its self-reported version number, a path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the self reported version of Junos OS on the remote device it is affected by a Denial of Service (DoS) vulnerability. A remote unauthenticated attacker can  exploit this, to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Junos OS installed on the remote host is prior to 15.1X49-D171 or 18.4R2. It is, therefore, affected by a vulnerability as referenced in the JSA10959 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Junos OS installed on the remote host is prior to 15.1X49-D171, 15.1X53-D496, 16.1R7-S4, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.3R3-S4, 17.4R1-S6, 18.1R2-S4, 18.2R1-S5, 18.3R1-S3, or 18.4R1-S2. It is, therefore, affected by a vulnerability as referenced in the JSA10960 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Junos OS installed on the remote host is prior to 12.3R12-S14, 12.3X48-D80, 15.1F6-S13, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.3R3-S5, 17.4R1-S7, or 18.1R3-S5. It is, therefore, affected by multiple vulnerabilities as referenced in the JSA10948 advisory:
	- A denial of service (DoS) vulnerability exists in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2 due to       An HTTP POST request with a specially crafted 'Host' header field may cause a NULL pointer dereference and thus       cause a denial of service as demonstrated by the lack of a trailing ']' character in an IPv6 address. An       unauthenticated, remote attacker can exploit this to conduct a  denial of service attack on an arbitrary remote       host. (CVE-2018-15505)       
    - A denial of service (DoS) vulnerability exists in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2 due to       An HTTP POST request with a specially crafted 'Host' header field may cause a NULL pointer dereference and thus       cause a denial of service as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than       11. An unauthenticated, remote attacker can exploit this to conduct a  denial of service attack on an arbitrary       remote host. (CVE-2018-15504)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A denial of service (DoS) vulnerability exists in the MS-PIC component. An unauthenticated, remote attacker can exploit  this issue, via specially crafted SIP packet, to cause the  MS-PIC to stop responding.

According to its self-reported version number, the remote Junos Space version is prior to 19.2R1. It is, therefore, affected by multiple vulnerabilities:
    - A memory double free vulnerability exists in The libcurl API function called `curl_maprintf()` before version 7.51.0       due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. An unauthiticated remote attacker       can leverage this issue to perform unauthorized actions. This may aid in further attacks. (CVE-2016-8618) 

    - A denial of service (DoS) vulnerability exists in Node.js 6.16.0 and earlier due to that Keep-alive HTTP and HTTPS       connections can remain open and inactive for up to 2 minutes. An unauthenticated, remote attacker can exploit this       issue to cause a denial of service. (CVE-2016-8619)       
    - A vulnerability in curl before version 7.51.0 due to the use of an outdated IDNA 2003 standard to handle International       Domain Names. This could lead users to unknowingly issue network transfer requests to the wrong host. (CVE-2016-8625)

According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in the srxpfe process. An unauthenticated, remote attacker can exploit this issue, by sending a large amount of traffic to an affected SRX1500 device, causing it to fail to forward traffic.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a session fixation vulnerability in J-Web. This allows an unauthenticated, remote attacker to use social engineering techniques to fix and hijack a J-Web administrator's web session and potentially gain administrative access to the device.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in the flowd process. An unauthenticated, remote attacker can exploit this issue, by repeatedly sending specific multicast packets to an affected device, to cause the device to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Junos OS installed on the remote host is prior to 12.3R12-S13, 12.3X48-D80, 14.1X53-D130, 15.1F6-S12, 15.1X49-D170, 15.1X53-D237, 16.1R3-S11, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.3R3-S4, 17.4R1-S6, 18.1R2-S4, 18.2R1-S5, 18.2X75-D40, 18.3R1-S3, or 18.4R1-S2. It is, therefore, affected by a vulnerability as referenced in the JSA10947 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Junos OS installed on the remote host is prior to 12.3X48-D80, 14.1X53-D51, 15.1F6-S13, 15.1X49-D171, 15.1X53-D238, 16.1R7-S5, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.3R3-S4, 17.4R1-S7, 18.1R2-S4, 18.2R1-S5, 18.2X75-D50, 18.3R1-S3, 18.4R1-S2, or 19.1R1-S1. It is, therefore, affected by a vulnerability as referenced in the JSA10949 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service (DoS) vulnerability on devices configured with Multi-Chassis Link Aggregation Group (MC-LAG). An unauthenticated, adjacent attacker can exploit this by continuously sending a specially crafted IPv6 packet to repeatedly crash the system and cause the device to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Junos OS installed on the remote host is prior to 12.3X48-D55, 12.3R12-S13, 15.1X49-D100, 15.1F6-S12, 16.1R3-S4, 16.2R1-S4, 17.1R1-S2, or 17.2R1. It is, therefore, affected by a vulnerability as referenced in the JSA10940 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in the SIP ALG packet processing service which allows an attacker to cause a Denial of Service (DoS) to the device. A remote, unauthenticated attacker can exploit this by sending specific types of valid SIP traffic to the device to cause the flowd process to crash and generate a core dump while processing SIP ALG traffic. Continued receipt of these SIP packets will cause the device to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by an unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) which can result in a denial of service (DoS) condition. An unauthenticated, remote attacker can exploit this issue, by repeatedly sending crafted, malformed IPv4 packets to a victim device, including when these packets are forwarded directly through a device, provided that the malformed packet is not first de-encapsulated from an encapsulated format by a receiving device. This allows an attacker to cause the system to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability: PKI keys exported using the command 'run request security pki key-pair export' on Junos OS may have insecure file permissions.
This allows another user on the Junos OS device with shell access to read them. 

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a weakness in the Application Identification (app-id) signature update client. This allows an unauthenticated, remote attacker to perform a Man-in-the-Middle (MitM) attack which can compromise the integrity and confidentiality of the device.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a memory leak vulnerability in the routing protocol process (rdp) which can result in a denial of service (DoS) condition. An unauthenticated, remote attacker can exploit this issue, by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device, to cause the system to stop responding. 

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service (DoS) vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices. An unauthenticated, remote attacker can exploit this issue, by repeatedly sending crafted PIM messages, to crash the srxfpe process and cause an FPC reboot, leading to an extended denial of service condition and causing the system to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service (DoS) vulnerability in the flowd process on SRX 5000 devices when 'set security zones security-zone <zone> tcp-rst' is configured. An unauthenticated, remote attacker can send a crafted TCP packet to crash the flowd process and trigger a new session. Repeated crashes of the flowd daemon can result in an extended DoS condition.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tested product installed on the remote host is prior to 12.3X48-D80. It is, therefore, affected by a vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allowing an attacker to fully compromise the host system. A local authenticated user can elevate privileges to gain full control of the system even if they are specifically denied access to perform certain actions as referenced in the JSA10956 advisory.
Note that Nessus has not tested for this issue but has instead relied only  on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability which is when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text.
This issue does not affect users that are logging-in using telnet, SSH or J-web to the management IP as referenced in the JSA10969 advisory.

According to the self reported version of Junos OS on the remote device it is affected by a path traversal vulnerability with the Next-Generation Routing Engine. A local authenticated attacker can exploit this, to read sensitive file systems.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service (DoS) vulnerability in the SSL-Proxy feature on SRX devices, which fails to handle a hardware resource limitation that can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended DoS condition. An unauthenticated, remote attacker can exploit this issue, by convincing clients protected by the SRX device to initiate a connection with a malicious server, which will cause the system to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An authentication bypass vulnerability exists in Junos Device Manager. An authenticated, local attacker can exploit this to bypass regular security controls and take control of the system.

The version of Junos OS installed on the remote host is prior to 15.1R7-S5, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R3-S2, 17.3R3-S6, 17.4R2-S5, 18.1R3-S6, 18.2R2-S4, 18.2X75-D50, 18.3R1-S5, 18.4R2, or 19.1R1-S2. It is, therefore, affected by a vulnerability as referenced in the JSA10962 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Junos OS installed on the remote host is prior to 16.1R7-S3, 16.2R2-S9, 17.1R3, 17.2R3, 17.2X75-D105, 17.3R3-S2, 17.4R1-S7, 18.1R3-S2, 18.2R2, 18.2X75-D12, or 18.3R1-S4. It is, therefore, affected by a denial of service (DoS) vulnerability which exists in Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled due to a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled which may cause the local routing protocol daemon (RPD) process to crash and restart. An unauthenticated, local attacker can exploit this issue, via a certain sequence of BGP session restart, to cause a repeated crashes of the RPD process which can cause prolonged Denial of Service (DoS) as referenced in the JSA10943 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Junos OS installed on the remote host is prior to 17.1R3, 17.2R3, 17.3R3-S2, 17.4R2, 18.1R3, or 18.2R2.
It is, therefore, affected by a vulnerability as referenced in the JSA10938 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of the tested product installed on the remote host is prior to the fixed version in the advisory. It is, therefore, affected by a denial of service vulnerability that exists in RPD daemon. An unauthenticated, remote attacker can exploit this issue, by continuously sending a specific Draft-Rosen MVPN control packet, to repeatedly crash the RPD process causing a prolonged denial of service as referenced in the JSA10879 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the version of Junos Space running on the remote device is < 17.2R2, and is therefore affected by a persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director. A remote authenticated attacker can exploit that to inject persistent and malicious scripts, steal information or perform actions.

The version of Junos OS installed on the remote host is prior to 12.3X48-D85, 15.1X49-D181, 17.4R1-S8, 18.1R3-S6, 18.2R2-S1, 18.3R1-S2, or 18.4R1-S1. It is, therefore, affected by a vulnerability as referenced in the JSA10946 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the version of Junos Space running on the remote device is < 18.2R1, and is therefore affected by multiple vulnerabilities:

  - Due to untrusted search path vulnerability in ssh-agent.c in ssh-agent     in OpenSSH before 7.4, unauthenticated, remote attacker can execute execute     arbitrary local PKCS#11 modules by leveraging control over a forwarded     agent-socket. (CVE-2016-10009)    
  - In OpenSSH before 7.4, an authenticated local attacker can escalate     privileges via unspecified vectors, related to serverloop.c.     (CVE-2016-10010)     
  - authfile.c in sshd in OpenSSH before 7.4 does not properly consider the     effects of realloc on buffer contents. an authenticated local attacker     can obtain sensitive private-key information by leveraging access to a     privilege-separated child process. (CVE-2016-10011)     
  - In sshd in OpenSSH before 7.4, a local attacker can gain privileges by     leveraging access to a sandboxed privilege-separation process due to a     bounds check that's enforced by all by the shared memory manager.     (CVE-2016-10012)     
  - The process_open function in sftp-server.c in OpenSSH before 7.6 does not     properly prevent write operations in readonly mode, which allows local     attackers to create zero-length files. (CVE-2017-15906)     
  - A reflected cross-site scripting vulnerability in OpenNMS included     with Juniper Networks Junos Space may allow the stealing of sensitive     information or session credentials from Junos Space administrators or     perform administrative actions.  (CVE-2018-0046)

According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability. With an insecure SSHD configuration in Juniper Device Manager, a remote, unauthenticated attacker can gain access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to 'yes'.

The version of tested product installed on the remote host is 18.2 prior to 18.2R1-S2, 18.2R2 on an EX4300-MP Series device with any lo0 filters applied. It is, therefore, affected by a vulnerability. The transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic as referenced in the JSA10933 advisory.
Note that Nessus has not tested for this issue but has instead relied only  on the application's self-reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a denial of service vulnerability in the Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment. A remote attacker can exploit it via sending a continuous, specially crafted DHCPv6 message which can result in a repeatedly jdhcpd daemon crash which lead to a denial of service condition as referenced in the JSA10889 advisory.
Note that Nessus has not tested for this issue but has instead relied only  on the application's self-reported version number.

The version of tested product installed on the remote host is 12.3 prior to 12.3R12-S12, 12.3X48 prior to 12.3X48-D76, 14.1X53 prior to 14.1X53-D48, 15.1 prior to 15.1R5, 15.1X49 prior to 15.1X49-D151, 15.1 prior to 15.1F6-S12 or 16.1 prior to 16.1R2. It is, therefore, affected by a denial of service (DoS) vulnerability. An unauthenticated, remote attacker can exploit this issue, via a crafted XML data input, to cause the system to stop responding and potentially with other possible unspecified impacts as referenced in the JSA10904 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10928 advisory. 

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques.
Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10929 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number.

The version of tested product installed on the remote host is 12.1X46 prior to 12.1X46-D82, 12.3X48 prior to 12.3X48-D80 or 15.1X49 prior to 15.1X49-D160. It is, therefore, affected by a vulnerability as referenced in the JSA10936 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a stack based overflow vulnerability in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series. A remote attacker can exploit it which can lead to a remote code execution  as referenced in the JSA10930 advisory.
Note that Nessus has not tested for this issue but has instead relied only  on the application's self-reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled. A remote attacker can exploit this by simulating a specific BGP session restart to cause a denial of service as referenced in the JSA10932 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability in the jdhcpd daemon due to failure to handle exceptional conditions. An unauthenticated, remote attacker can exploit this, via sending specific IPv6 DHCP packets to the jdhcpd daemon to cause a denial of service condition to clients requesting and not receiving IP addresses.

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability in the management interface due to buffer space exhaustion. An unauthenticated, adjacent attacker can exploit this issue, via crafted packets destined to the management interface (fxp0) to cause the service to stop responding.

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability in the jdhcpd daemon due to failure to handle exceptional conditions. An unauthenticated, remote attacker can exploit this, via continuously sending a certain DHCPv6 solicit message to the jdhcpd daemon to cause the jdhcpd process to stop responding.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10931 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10922 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10925 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10935 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10924 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number.

ID	Name	Severity
133050	Junos OS: Path traversal vulnerability in J-Web (JSA10985)	high
132959	Multiple Vulnerabilities in Juniper Junos (JSA10954)	high
132075	Junos OS: processing of specific transit IP packets in flowd, leading to Denial of Service (JSA10959)	high
132046	Juniper JSA10960	high
132038	Juniper Embedthis GoAhead Denial Of Service Vulnerabilities (JSA10948)	high
131944	Junos OS: processing of specific transit IP packets in flowd, leading to a Denial of Service Vulnerability (JSA10964)	high
131701	Juniper Junos Space < 19.2R1 Multiple Vulnerabilities (JSA10951)	critical
130520	Junos OS: srxpfe DoS (JSA10972)	high
130519	Junos OS: J-Web Session Fixation Vulnerability (JSA10961)	high
130518	Junos OS: Multicast flowd DoS (JSA10968)	high
130517	Juniper JSA10947	high
130516	Juniper JSA10949	medium
130515	Junos OS: MC-LAG DoS (JSA10966)	medium
130514	Juniper JSA10940	high
130505	Junos OS: SIP ALG flowd DoS (JSA10953)	high
130504	Junos OS: NG-mVPN rpd DoS (JSA10965)	high
130502	Junos OS: Insecure PKI key pair export file permissions (JSA10974)	high
130469	Junos OS: app-id Signature Update MitM (JSA10952)	high
130468	Junos OS: rdp Memory Leak DoS (JSA10957)	high
130467	Junos OS: srxpfe PIM DoS (JSA10976)	high
130466	Junos OS: flowd DoS (JSA10963)	high
130460	Juniper JSA10956	high
130459	Junos OS: Clear Text Authentication Credentials (JSA10969)	medium
130279	Juniper JSA10975	medium
130270	Junos OS: SSL-Proxy DoS (JSA10973)	high
130264	NFX Series: Authentication Bypass Vulnerability Juniper Device Manager (JDM) (JSA10955)	high
130053	Juniper JSA10962	high
127122	Juniper JSA10943	high
127056	Juniper JSA10938	medium
126925	Juniper JSA10879	high
126917	Juniper Junos Space < 17.2R2 Persistent XSS Vulnerability (JSA10881)	medium
126785	Juniper JSA10946	high
126510	Juniper Junos Space < 18.2R1 Multiple Vulnerabilities (JSA10880)	high
126508	NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS (JSA10878)	high
125774	Juniper JSA10933	high
125773	Juniper JSA10889	medium
125546	Juniper JSA10904	high
125309	Juniper JSA10928	high
124765	Juniper JSA10929	critical
124760	Juniper JSA10936	high
124327	Juniper JSA10930	critical
124238	Juniper JSA10932	high
124236	Juniper Junos memory consumption denial of service (JSA10920)	high
124195	Juniper Junos SRX crafted packets destined to fxp0 denial of service (JSA10927)	medium
124193	Juniper Junos jdhcpd crash denial of service (JSA10926)	high
124092	Juniper JSA10931 BGP Tracing DoS	high
124091	Juniper JSA10922	high
124031	Juniper JSA10925	critical
124030	Juniper JSA10935	high
124003	Juniper JSA10924	medium

Detections

Analytics

Junos Local Security Checks Family for Nessus

high

high

high

high

high

high

critical

high

high

high

high

medium

medium

high

high

high

high

high

high

high

high

high

medium

medium

high

high

high

high

medium

high

medium

high

high

high

high

medium

high

high

critical

high

critical

high

high

medium

high

high

high

critical

high

medium