January 15, 2024 at 06:12AM
Juniper Networks has addressed more than 100 vulnerabilities, including the critical CVE-2024-21591 affecting Junos OS. The flaw could allow attackers to execute arbitrary code or cause a denial-of-service condition. Additionally, the company has patched high- and medium-severity flaws in third-party components. No known attacks exploiting these vulnerabilities have been reported.
Key Takeaways:
– Juniper Networks has published more than two dozen security advisories addressing over 100 vulnerabilities in its products, many of which impact third-party components.
– Patches and mitigations have been released, primarily for vulnerabilities affecting its Junos operating system.
– The most serious vulnerability, CVE-2024-21591, affects Junos OS on SRX series firewalls and EX series switches, allowing for a denial-of-service (DoS) condition or arbitrary code execution by an unauthenticated network-based attacker.
– Critical vulnerabilities in third-party components used by the Juniper Security Director Insights, Session Smart Router, and CTPView products have also been patched.
– A ‘high severity’ rating has been assigned to 10 vulnerabilities, several of which can lead to DoS conditions without authentication, privilege escalation, and sensitive information disclosure.
– Over a dozen security holes are of ‘medium severity’, with the majority being exploitable for DoS attacks, and one allowing an attacker to bypass firewall filters.
– Juniper is not currently aware of any attacks exploiting these vulnerabilities.