Juniper Networks last week published dozens of advisories detailing more than a hundred vulnerabilities in Junos OS, Junos OS Evolved, and other products.
Three of the advisories are marked as ‘critical severity’ and all address security defects in third-party software used in the affected products.
The first resolves nine vulnerabilities in the open source data transfer tool cURL, including four critical-severity issues. Two of the critical bugs were disclosed in 2018 and two in 2023.
The second and third deal with vulnerabilities in third-party software included in Juniper Networks Junos cRPD and Cloud Native Router. Patches were released for more than 80 bugs, including eight critical-severity issues.
Juniper Networks also published 10 advisories dealing with high-severity flaws in Junos OS, Junos OS Evolved, and Paragon Active Assurance Control Center.
The most severe of the bugs is an information leak in Paragon Active Assurance versions 4.1.0 and 4.2.0 that could be exploited by a “network-adjacent attacker with root access to a Test Agent Appliance”.
Juniper also released patches for eight high-severity denial-of-service (DoS) issues in Junos OS and Junos OS Evolved that could be exploited by unauthenticated, network-based attackers.
The last high-severity advisory details three vulnerabilities in the libslax library included in Junos OS Evolved. All three bugs were disclosed in 2021.
Two dozen other advisories that Juniper Networks published last week address medium-severity vulnerabilities impacting Junos OS and Junos OS Evolved.
Successful exploitation of these issues could lead to DoS conditions, the disclosure of sensitive information, failure to block traffic, or failure to perform traffic authentication.
Juniper Networks customers are advised to update their appliances as soon as possible, as no workarounds are available for the most severe of these vulnerabilities.
Additional information can be found on Juniper Networks’ support portal.
Related: Juniper Networks Patches Vulnerabilities in Switches, Firewalls
Related: Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches
Related: Juniper Networks Patches Over 30 Vulnerabilities in Junos OS