Juniper Networks has published more than two dozen security advisories to inform customers about well over 100 vulnerabilities affecting its products, with a majority of the flaws impacting third-party components.
The company has released patches and mitigations for the vulnerabilities, most of which affect its Junos operating system.
The most serious of the flaws appears to be CVE-2024-21591, which affects Junos OS on SRX series firewalls and EX series switches.
The vulnerability can be exploited by an unauthenticated network-based attacker to cause a denial-of-service (DoS) condition or execute arbitrary code and obtain root privileges on the targeted appliance.
“This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory,” Juniper explained in its advisory.
Last week, Censys reported seeing over 11,500 instances of the impacted J-Web configuration interface exposed to the internet.
Critical vulnerabilities have also been patched in many third-party components present in Juniper Security Director Insights, Session Smart Router and CTPView products.
A ‘high severity’ rating has been assigned to 10 vulnerabilities, a majority of which can allow a network-based attacker to cause a DoS condition, without requiring authentication.
The list of high-severity flaws also includes privilege escalation, and sensitive information disclosure issues.
Over a dozen security holes are ‘medium severity’. A vast majority can be used for DoS attacks, and one could allow an attacker to bypass firewall filters.
Juniper is not aware of attacks exploiting these vulnerabilities.
Earlier this month, Hewlett Packard Enterprise (HPE) signed a definitive agreement to acquire Juniper Networks for $14 billion in cash.
*updated with information from Censys