April 15, 2024 at 09:54AM
Juniper Networks recently released multiple advisories detailing over one hundred vulnerabilities in Junos OS, Junos OS Evolved, and other products. Critical-severity issues were found in third-party software, including cURL and Junos cRPD. High-severity flaws impacting Junos OS, Junos OS Evolved, and Paragon Active Assurance Control Center were also addressed. Customers are urged to update their appliances promptly.
Based on the meeting notes, the key takeaways are:
– Juniper Networks has published numerous advisories detailing over a hundred vulnerabilities in Junos OS, Junos OS Evolved, and other products.
– Three advisories are marked as ‘critical severity’ and address security defects in third-party software used in the affected products.
– The first advisory resolves nine vulnerabilities in the open source data transfer tool cURL, including four critical-severity issues.
– The second and third advisories deal with vulnerabilities in third-party software included in Juniper Networks Junos cRPD and Cloud Native Router. Patches were released for more than 80 bugs, including eight critical-severity issues.
– Juniper Networks also published advisories dealing with high-severity flaws in various products.
– The most severe bug is an information leak in Paragon Active Assurance versions 4.1.0 and 4.2.0 that could be exploited by a “network-adjacent attacker with root access to a Test Agent Appliance”.
– Patches were also released for high-severity denial-of-service (DoS) issues in Junos OS and Junos OS Evolved, as well as vulnerabilities in the libslax library included in Junos OS Evolved.
– Successful exploitation of these vulnerabilities could lead to various consequences, including DoS conditions, disclosure of sensitive information, failure to block traffic, or failure to perform traffic authentication.
– Juniper Networks customers are advised to update their appliances as soon as possible, as no workarounds are available for the most severe vulnerabilities.
For additional information, Juniper Networks’ support portal can be referenced for details on the advisories and patches. Additionally, related articles on Juniper Networks’ patching vulnerabilities in switches, firewalls, and critical remote code execution flaw in firewalls and switches provide further context on recent developments.