Juniper Networks Patches Dozens of Vulnerabilities

Share This Post

Juniper Networks has released patches for dozens of vulnerabilities in its Junos OS and Junos OS Evolved network operating systems, including multiple flaws in several third-party software components.

Fixes were announced for roughly a dozen high-severity security defects impacting components such as the packet forwarding engine (PFE), routing protocol daemon (RPD), routing engine (RE), kernel, and HTTP daemon.

According to Juniper, network-based, unauthenticated attackers can send malformed BGP packets or updates, specific HTTPS connection requests, crafted TCP traffic, and MPLS packets to trigger these bugs and cause denial-of-service (DoS) conditions.

Patches were also announced for multiple medium-severity issues affecting components such as PFE, RPD, PFE management daemon (evo-pfemand), command line interface (CLI), AgentD process, packet processing, flow processing daemon (flowd), and the local address verification API.

Successful exploitation of these vulnerabilities could allow attackers to cause DoS conditions, access sensitive information, gain full control of the device, cause issues for downstream BGP peers, or bypass firewall filters.

Juniper also announced patches for vulnerabilities affecting third-party components such as C-ares, Nginx, PHP, and OpenSSL.

The Nginx fixes resolve 14 bugs, including two critical-severity flaws that have been known for more than seven years (CVE-2016-0746 and CVE-2017-20005).

Juniper has patched these vulnerabilities in Junos OS Evolved versions 21.2R3-S8-EVO, 21.4R3-S9-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S3-EVO, 23.2R2-S2-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, 24.2R2-EVO, and all subsequent releases.

Advertisement. Scroll to continue reading.

Junos OS versions 21.2R3-S8, 21.4R3-S8, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S4, 23.2R2-S2, 23.4R1-S2, 23.4R1-S2, 23.4R2-S1, 24.2R1, and all subsequent releases also contain the fixes.

Juniper also announced patches for a high-severity command injection defect in Junos Space that could allow an unauthenticated, network-based attacker to execute arbitrary shell commands via crafted requests, and an OS command issue in OpenSSH.

The company said it was not aware of these vulnerabilities being exploited in the wild. Additional information can be found on Juniper Networks’ security advisories page.

Related: Jenkins Patches High-Impact Vulnerabilities in Server and Plugins

Related: Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC

Related: F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus

Related: GitLab Security Update Patches Critical Vulnerability

This post was originally published on this site

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .