SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Juniper Networks Publishes Dozens of New Security Advisories

Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products.

Juniper Networks last week published dozens of advisories detailing more than a hundred vulnerabilities in Junos OS, Junos OS Evolved, and other products.

Three of the advisories are marked as ‘critical severity’ and all address security defects in third-party software used in the affected products.

The first resolves nine vulnerabilities in the open source data transfer tool cURL, including four critical-severity issues. Two of the critical bugs were disclosed in 2018 and two in 2023.

The second and third deal with vulnerabilities in third-party software included in Juniper Networks Junos cRPD and Cloud Native Router. Patches were released for more than 80 bugs, including eight critical-severity issues.

Juniper Networks also published 10 advisories dealing with high-severity flaws in Junos OS, Junos OS Evolved, and Paragon Active Assurance Control Center.

The most severe of the bugs is an information leak in Paragon Active Assurance versions 4.1.0 and 4.2.0 that could be exploited by a “network-adjacent attacker with root access to a Test Agent Appliance”.

Juniper also released patches for eight high-severity denial-of-service (DoS) issues in Junos OS and Junos OS Evolved that could be exploited by unauthenticated, network-based attackers.

The last high-severity advisory details three vulnerabilities in the libslax library included in Junos OS Evolved. All three bugs were disclosed in 2021.

Advertisement. Scroll to continue reading.

Two dozen other advisories that Juniper Networks published last week address medium-severity vulnerabilities impacting Junos OS and Junos OS Evolved.

Successful exploitation of these issues could lead to DoS conditions, the disclosure of sensitive information, failure to block traffic, or failure to perform traffic authentication.

Juniper Networks customers are advised to update their appliances as soon as possible, as no workarounds are available for the most severe of these vulnerabilities.

Additional information can be found on Juniper Networks’ support portal.

Related: Juniper Networks Patches Vulnerabilities in Switches, Firewalls

Related: Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches

Related: Juniper Networks Patches Over 30 Vulnerabilities in Junos OS

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Mike Dube has joined cloud security company Aqua Security as CRO.

Cody Barrow has been appointed as CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

More People On The Move

Expert Insights

Related Content

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

March 26, 2014
ChatGPT attack ChatGPT attack

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

March 28, 2023
16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure

IoT Security

16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

January 5, 2023
Burglars Can Easily Disable SimpliSafe Alarms: Researcher

Vulnerabilities

Burglars Can Easily Disable SimpliSafe Alarms: Researcher

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

February 18, 2016
vector embeddings vector embeddings

Risk Management

Cyber Insights 2023 | Supply Chain Security

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

February 2, 2023
Russia hackers hit Microsoft Russia hackers hit Microsoft

Cybercrime

Microsoft Warns of Office Zero-Day Attacks, No Patch Available

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

July 11, 2023
Microsoft AI Microsoft AI

Vulnerabilities

Microsoft Warns of Outlook Zero-Day Exploitation, Patches 80 Security Vulns

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

March 14, 2023
Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras

IoT Security

Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

February 9, 2023