"Juniper Networks Patches Dozens of Vulnerabilities"
Juniper Networks has recently released patches for dozens of vulnerabilities in its Junos OS and Junos OS Evolved network operating systems, including multiple flaws in several third-party software components. Fixes were announced for around a dozen high-severity security defects impacting components such as the packet forwarding engine (PFE), routing protocol daemon (RPD), routing engine (RE), kernel, and HTTP daemon. Juniper noted that network-based, unauthenticated attackers can send malformed BGP packets or updates, specific HTTPS connection requests, crafted TCP traffic, and MPLS packets to trigger these bugs and cause denial-of-service (DoS) conditions. Patches were also announced for multiple medium-severity issues affecting components such as PFE, RPD, PFE management daemon (evo-pfemand), command line interface (CLI), AgentD process, packet processing, flow processing daemon (flowd), and the local address verification API. Juniper noted that successful exploitation of these vulnerabilities could allow attackers to cause DoS conditions, access sensitive information, gain full control of the device, cause issues for downstream BGP peers, or bypass firewall filters. Juniper has patched these vulnerabilities in Junos OS Evolved versions 21.2R3-S8-EVO, 21.4R3-S9-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S3-EVO, 23.2R2-S2-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, 24.2R2-EVO, and all subsequent releases. Juniper noted that Junos OS versions 21.2R3-S8, 21.4R3-S8, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S4, 23.2R2-S2, 23.4R1-S2, 23.4R1-S2, 23.4R2-S1, 24.2R1, and all subsequent releases also contain the fixes.
SecurityWeek reports: "Juniper Networks Patches Dozens of Vulnerabilities"