Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Juniper Networks Publishes Dozens of New Security Advisories

Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products.

Juniper Networks last week published dozens of advisories detailing more than a hundred vulnerabilities in Junos OS, Junos OS Evolved, and other products.

Three of the advisories are marked as ‘critical severity’ and all address security defects in third-party software used in the affected products.

The first resolves nine vulnerabilities in the open source data transfer tool cURL, including four critical-severity issues. Two of the critical bugs were disclosed in 2018 and two in 2023.

The second and third deal with vulnerabilities in third-party software included in Juniper Networks Junos cRPD and Cloud Native Router. Patches were released for more than 80 bugs, including eight critical-severity issues.

Juniper Networks also published 10 advisories dealing with high-severity flaws in Junos OS, Junos OS Evolved, and Paragon Active Assurance Control Center.

The most severe of the bugs is an information leak in Paragon Active Assurance versions 4.1.0 and 4.2.0 that could be exploited by a “network-adjacent attacker with root access to a Test Agent Appliance”.

Juniper also released patches for eight high-severity denial-of-service (DoS) issues in Junos OS and Junos OS Evolved that could be exploited by unauthenticated, network-based attackers.

The last high-severity advisory details three vulnerabilities in the libslax library included in Junos OS Evolved. All three bugs were disclosed in 2021.

Advertisement. Scroll to continue reading.

Two dozen other advisories that Juniper Networks published last week address medium-severity vulnerabilities impacting Junos OS and Junos OS Evolved.

Successful exploitation of these issues could lead to DoS conditions, the disclosure of sensitive information, failure to block traffic, or failure to perform traffic authentication.

Juniper Networks customers are advised to update their appliances as soon as possible, as no workarounds are available for the most severe of these vulnerabilities.

Additional information can be found on Juniper Networks’ support portal.

Related: Juniper Networks Patches Vulnerabilities in Switches, Firewalls

Related: Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches

Related: Juniper Networks Patches Over 30 Vulnerabilities in Junos OS

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights