Menu
Juniper patches high-risk flaws in Junos OS

Juniper patches high-risk flaws in Junos OS

Attackers could exploit the flaws to gain admin access or cause denial-of-service conditions

Juniper Networks has fixed several vulnerabilities in the Junos operating system used on its networking and security appliances, including a flaw that could allow hackers to gain administrative access to affected devices.

The most serious vulnerability, rated 9.8 out of 10 in the Common Vulnerability Scoring System, is located in the J-Web interface, which allows administrators to monitor, configure, troubleshoot and manage routers running Junos OS. The issue is an information leak that could allow unauthenticated users to gain admin privileges to the device.

The flaw was fixed in Junos OS 12.1X46-D45, 12.1X46-D46, 12.1X46-D51, 12.1X47-D35, 12.3R12, 12.3X48-D25, 13.3R10, 13.3R9-S1, 14.1R7, 14.1X53-D35, 14.2R6, 15.1A2, 15.1F4, 15.1X49-D30 and 15.1R3. A temporary workaround is to disable J-Web or to limit which IP addresses can access the interface.

The company also fixed several vulnerabilities that can lead to denial of service conditions. One of them can be used to crash the kernel of a Junos OS device with a 64-bit architecture by sending a specially crafted UDP packet destined to an interface IP address of the device itself.

Another kernel crash can be triggered with specially crafted ICMP packets sent to Junos OS devices configured with a GRE or IPIP tunnel. The attack requires knowledge of network-specific information.

High-End SRX-Series chassis, configured in either standalone or cluster mode, are susceptible to several denial-of-service conditions if the in-transit traffic matches one or more ALG (application layer gateway) rules.

Another Junos patch fixes a potential networking data leak -- mbuf leak -- when source and destination MAC addresses of Ethernet frames with the EtherType field of IPv6 (0x86DD) are flooded into the VPLS instance.

One interesting patch is for a crypto vulnerability that affects device-to-device communication protocols using IKE/IPsec public-key authentication. It turns out that Junos OS would accept a self-signed certificate as valid if the certificate's issuer name matched one of the valid certificate authority (CA) certificates enrolled in Junos.

Finally, one fix reverts a issue with SRX Series devices that were upgraded to Junos OS 12.1X46. If the devices was upgraded using the "request system software" command with the "partition" option the update might have failed and the devices might have been left in a safe mode authentication state that allows logging in as the root account with no password.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments