Juniper Networks has shipped security patches to cover numerous vulnerabilities across its product portfolio, including a series of critical bugs in third-party software used in the company’s products.
The most important of the vulnerabilities is CVE-2021-0276 (CVSS score of 9.8), a stack-based buffer overflow in Juniper Networks SBR Carrier with EAP. An attacker could exploit it by sending specific packets to cause a denial of service condition or to execute code remotely, Juniper warned in an advisory.
“By continuously sending these specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS),” the company said.
Juniper Networks SBR Carrier 8.4.1 versions prior to 8.4.1R19; 8.5.0 versions prior to 8.5.0R10; and 8.6.0 versions prior to 8.6.0R4 are impacted if EAP authentication is configured and if Enhanced EAP Logging and a TraceLevel setting of 2 are in use.
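The affected-version and configuration conditions above can be applied as an inventory triage check. This is an added example, not code from Juniper or from the article; the inventory field names and host names are constructed, and release trains the article does not list are reported as `not-listed` rather than guessed.

```python
import re

# First fixed release per train, as stated in the article.
FIXED_RELEASE = {"8.4.1": 19, "8.5.0": 10, "8.6.0": 4}
VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)R(\d+)$")

def parse_version(version):
    """Split '8.4.1R19' into ('8.4.1', 19); raise ValueError otherwise."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SBR Carrier version: {version!r}")
    return m.group(1), int(m.group(2))

def triage(version, eap_auth, enhanced_eap_logging, trace_level):
    """Classify one SBR Carrier instance for CVE-2021-0276."""
    train, release = parse_version(version)
    if train not in FIXED_RELEASE:
        return "not-listed"          # the article gives no data for this train
    if release >= FIXED_RELEASE[train]:
        return "fixed"
    # Unpatched build: exposed only when all stated conditions are in use.
    if eap_auth and enhanced_eap_logging and trace_level == 2:
        return "exposed"
    return "vulnerable-version"      # patch anyway; triggering config not in use

def triage_inventory(rows):
    """Map host -> status; unparseable versions are flagged for manual review."""
    result = {}
    for row in rows:
        try:
            result[row["host"]] = triage(row["version"], row["eap_auth"],
                                         row["enhanced_eap_logging"],
                                         row["trace_level"])
        except ValueError:
            result[row["host"]] = "unparsed"
    return result

# Constructed sample inventory (hypothetical hosts and field names).
SAMPLE_INVENTORY = [
    {"host": "sbr-a.example", "version": "8.4.1R18", "eap_auth": True,
     "enhanced_eap_logging": True, "trace_level": 2},
    {"host": "sbr-b.example", "version": "8.5.0R10", "eap_auth": True,
     "enhanced_eap_logging": True, "trace_level": 2},
    {"host": "sbr-c.example", "version": "8.6.0R3", "eap_auth": True,
     "enhanced_eap_logging": False, "trace_level": 0},
    {"host": "sbr-d.example", "version": "unknown", "eap_auth": True,
     "enhanced_eap_logging": True, "trace_level": 2},
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```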
Additionally, Juniper Networks published several advisories to announce the release of fixes for multiple vulnerabilities that affect third-party software used in its products.
The most important of these is a patch for Junos Space that addresses CVE-2020-1472, a critical (CVSS score of 10) vulnerability in the Netlogon Remote Protocol (MS-NRPC) that Microsoft patched in August 2020. Junos Space 21.2R1 patches this bug and 34 other vulnerabilities, including another critical flaw, several high-severity issues, and multiple medium-risk ones.
By updating third-party software, Juniper Networks also patched critical vulnerabilities in Juniper Contrail Insights, CTPView, and Contrail Networking, as well as high-severity bugs in Secure Analytics, Junos OS, and Junos OS Evolved. Multiple other lower-severity flaws were also addressed in these products.
