Juniper Networks Patches Dozens of Vulnerabilities

October 14, 2024 at 09:15AM Juniper Networks has released patches addressing numerous vulnerabilities found in Junos OS, Junos OS Evolved, and various third-party components. This update aims to enhance security and protect users from potential threats. **Meeting Notes Takeaways:** 1. **Announcement**: Juniper Networks has released patches addressing multiple vulnerabilities. 2. **Affected Systems**: The vulnerabilities are … Read more

Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw

July 1, 2024 at 02:34PM Juniper Networks released an emergency patch for a critical authentication bypass vulnerability, tracked as CVE-2024-2973, affecting Session Smart Router, Conductor, and WAN Assurance Router. The flaw, found internally, has the highest CVSS score of 10. Immediate updates for affected devices are recommended to prevent exploitation. Automatic updates will not disrupt … Read more

Juniper Networks flings out emergency patches for perfect 10 router vuln

July 1, 2024 at 07:38AM A critical vulnerability (CVE-2024-2973) in Juniper Networks routers scored a perfect 10 on CVSS systems. Juniper advised applying emergency patches due to an authentication bypass bug that could allow network-based attackers to take control. The bug affects Smart Session Router, Session Smart Conductor, and WAN Assurance Routers, potentially causing significant … Read more

Juniper Networks Warns of Critical Authentication Bypass Vulnerability

July 1, 2024 at 07:28AM Juniper Networks issued an out-of-cycle security bulletin regarding a critical vulnerability, tracked as CVE-2024-2973, which can lead to an authentication bypass on Session Smart routers and conductor products. The company advised affected systems to upgrade to specific software versions and noted that the vulnerability has been automatically resolved on certain … Read more

Juniper Networks Releases Critical Security Update for Routers

July 1, 2024 at 02:57AM Juniper Networks has released critical security updates to fix an Authentication Bypass Using an Alternate Path or Channel vulnerability in some routers, affecting devices running in high-availability redundant configurations. The flaw, tracked as CVE-2024-2973, carries a maximum severity score. The company urges users to apply the patches to protect against … Read more

Juniper releases out-of-cycle fix for max severity auth bypass flaw

June 30, 2024 at 11:21AM Juniper Networks released an emergency update to address a critical vulnerability, tracked as CVE-2024-2973, which could lead to an authentication bypass in Session Smart Router, Conductor, and WAN Assurance Router products. The affected versions and recommended patches were listed, highlighting the need for immediate action due to active exploitation of … Read more

Juniper Networks Publishes Dozens of New Security Advisories

April 15, 2024 at 09:54AM Juniper Networks recently released multiple advisories detailing over one hundred vulnerabilities in Junos OS, Junos OS Evolved, and other products. Critical-severity issues were found in third-party software, including cURL and Junos cRPD. High-severity flaws impacting Junos OS, Junos OS Evolved, and Paragon Active Assurance Control Center were also addressed. Customers … Read more

Reg story prompts fresh security bulletin, review of Juniper Networks’ CVE process

January 30, 2024 at 10:36AM Juniper Networks disclosed and apologized for previously concealing vulnerabilities reported by watchTowr researcher Aliz Hammond. The company issued an out-of-cycle security advisory, separately disclosing four vulnerabilities with missing individual CVEs. The vulnerabilities affect J-Web in Junos OS SRX Series and EX Series. US CISA warned of the XSS vulnerability and … Read more

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

January 30, 2024 at 03:59AM Juniper Networks released out-of-band updates for high-severity flaws in SRX and EX Series, addressing missing authentication and cross-site scripting vulnerabilities. watchTowr Labs discovered and reported the issues. Temporary mitigations include disabling J-Web or restricting access. Earlier critical vulnerability fixes were also shipped. U.S. CISA added previously disclosed vulnerabilities to the … Read more

Thousands of Juniper Networks devices vulnerable to critical RCE bug

January 15, 2024 at 02:43PM Over 11,500 Juniper Networks devices are vulnerable to a new remote code execution (RCE) flaw, urging urgent patch application. Previously affected by critical RCE bugs, the latest CVE-2024-21591 impacts J-Web interface, with confirmed exposures and geographic stats. With the software’s threat potential and HPE’s acquisition of Juniper, administrators are advised … Read more