Menu
Juniper patches high-risk flaws in Junos OS

Juniper patches high-risk flaws in Junos OS

Attackers could exploit the flaws to gain admin access or cause denial-of-service conditions

Juniper Networks has fixed several vulnerabilities in the Junos operating system used on its networking and security appliances, including a flaw that could allow hackers to gain administrative access to affected devices.

The most serious vulnerability, rated 9.8 out of 10 in the Common Vulnerability Scoring System, is located in the J-Web interface, which allows administrators to monitor, configure, troubleshoot and manage routers running Junos OS. The issue is an information leak that could allow unauthenticated users to gain admin privileges to the device.

The flaw was fixed in Junos OS 12.1X46-D45, 12.1X46-D46, 12.1X46-D51, 12.1X47-D35, 12.3R12, 12.3X48-D25, 13.3R10, 13.3R9-S1, 14.1R7, 14.1X53-D35, 14.2R6, 15.1A2, 15.1F4, 15.1X49-D30 and 15.1R3. A temporary workaround is to disable J-Web or to limit which IP addresses can access the interface.

The company also fixed several vulnerabilities that can lead to denial of service conditions. One of them can be used to crash the kernel of a Junos OS device with a 64-bit architecture by sending a specially crafted UDP packet destined to an interface IP address of the device itself.

Another kernel crash can be triggered with specially crafted ICMP packets sent to Junos OS devices configured with a GRE or IPIP tunnel. The attack requires knowledge of network-specific information.

High-End SRX-Series chassis, configured in either standalone or cluster mode, are susceptible to several denial-of-service conditions if the in-transit traffic matches one or more ALG (application layer gateway) rules.

Another Junos patch fixes a potential networking data leak -- mbuf leak -- when source and destination MAC addresses of Ethernet frames with the EtherType field of IPv6 (0x86DD) are flooded into the VPLS instance.

One interesting patch is for a crypto vulnerability that affects device-to-device communication protocols using IKE/IPsec public-key authentication. It turns out that Junos OS would accept a self-signed certificate as valid if the certificate's issuer name matched one of the valid certificate authority (CA) certificates enrolled in Junos.

Finally, one fix reverts a issue with SRX Series devices that were upgraded to Junos OS 12.1X46. If the devices was upgraded using the "request system software" command with the "partition" option the update might have failed and the devices might have been left in a safe mode authentication state that allows logging in as the root account with no password.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
EDGE 2019: Channel forges new partnerships during evening networking

EDGE 2019: Channel forges new partnerships during evening networking

Partners, vendors and distributors reconnected during a number of social gatherings during EDGE 2019. The first evening saw the channel congregate for a welcome party at the Hamilton Island yacht club, while the main poolside proved to be the perfect stop for a barbecue on the final night.

EDGE 2019: Channel forges new partnerships during evening networking
Show Comments