Juniper Networks Patches Over 60 Flaws in Junos, ATP Products
Juniper Networks this week released patches for more than 60 vulnerabilities in its Juniper Advanced Threat Prevention (ATP) appliances, the Junos OS operating system, and the Junos Space network management platform. Many of the security holes affect third-party components.
In Juniper ATP appliances, the company addressed 13 flaws, including persistent cross-site scripting (XSS), arbitrary command execution, hardcoded credentials, information disclosure, and unprotected credentials issues.
Three of the vulnerabilities fixed in ATP devices were rated “critical,” including ones related to the existence of hardcoded credentials and the storage of Splunk credentials in a file that can be accessed by authenticated local users.
Another three flaws were assigned a CVSS score between 7.0 and 8.9, which puts them in the “high” severity category. The list includes issues related to the insecure storage of keys used for critical operations in the WebUI interface, the logging of secret passphrase CLI inputs in clear text, and a remote command execution weakness in the XML-RPC server.
In the Junos OS operating system, which powers many of Juniper’s appliances, the company addressed eight vulnerabilities disclosed in the past three years in the libxml2 library, which is used for parsing XML documents. Many of these libxml2 flaws were assigned “critical” and “high” severity ratings. They can be exploited for denial-of-service (DoS) attacks and other purposes.
Also in Junos OS, the company fixed two OpenSSL vulnerabilities patched by the OpenSSL Project last year.
Finally, Juniper patched nearly 40 vulnerabilities in Junos Space. Nine security holes (one rated “high” and the rest “medium”) were resolved in version 18.3R1.
The rest were fixed in version 18.4R1, including one critical bug that can result in privilege escalation and arbitrary code execution. A majority of the vulnerabilities addressed in this version have a high severity.
A majority of the Junos Space vulnerabilities affect third-party components and were disclosed in 2017 and 2018. The impacted components include QEMU, the Linux kernel (including SegmentSmack), Intel CPUs (LazyFP and L1TF vulnerabilities), the glibc library, procps-ng utilities, libvirt, GnuPG, Samba, BIND, the Web-Dorado Instagram Feed WD plugin, the yum-utils tools, the GlusterFS network filesystem, and Mozilla NSS (Network Security Services) libraries.
In addition to the patches released this week, workarounds and mitigations are also available for some of the impacted products.