Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisories and apply necessary updates:
- ScreenOS: Etherleak vulnerability found on ScreenOS device (CVE-2018-0014)
- Junos Space Security Director and Log Collector: Multiple vulnerabilities resolved in 17.2R1 release
- CTPView: Multiple Linux kernel vulnerabilities
- Junos Space: Multiple vulnerabilities resolved in 17.2R1 release
- Junos OS: OpenSSH Memory exhaustion due to unregistered KEXINIT handler (CVE-2016-8858)
- SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured. (CVE-2018-0009)
- Junos: commit script may allow unauthenticated root login upon reboot (CVE-2018-0008)
- Junos: bbe-smgd process denial of service while processing VLAN authentication requests/rejects (CVE-2018-0006)
- Junos OS: MAC move limit configured to drop traffic may forward traffic. (CVE-2018-0005)
- Junos OS: Kernel Denial of Service Vulnerability (CVE-2018-0004)
- Junos OS: A crafted MPLS packet may lead to a kernel crash (CVE-2018-0003)
- Junos OS: Malicious LLDP crafted packet leads to privilege escalation, denial of service. (CVE-2018-0007)
- Junos OS: MX series, SRX series: Denial of service vulnerability in Flowd on devices with ALG enabled. (CVE-2018-0002)
- Junos: Unauthenticated Remote Code Execution through J-Web interface (CVE-2018-0001)