Critical Vulnerability Fixes Available For Juniper Devices
Juniper has addressed multiple critical vulnerabilities in Junos, Junos Space, and JATP devices. Administrators are advised to update to the latest OS version on any affected Juniper device.
Hintergrund
Juniper has released a number of security advisories this week which include critical vulnerabilities across many of its devices. The Juniper Advanced Threat Prevention Appliance (JATP) update removes hardcoded admin credentials, while the Junos updates include patches for remote code execution (RCE) and denial of service (DoS) vulnerabilities. Junos Space network management devices are also vulnerable to a memory allocation vulnerability which could lead to DoS and RCE attacks as well.
Analyse
JSA10918 addresses 13 vulnerabilities, including CVE-2017-11610, CVE-2018-0020, and CVE-2019-0022 for Juniper’s ATP, a malware defense appliance designed to detect and prevent malicious activity on a network. An attacker could gain access to this device with hardcoded administrator credentials and disable a core defense against malware.
Among the many Junos updates, CVE-2017-7375 and CVE-2016-4448 addressed in JSA10916 could allow a remote unauthenticated attacker to send specially crafted extensible markup language (XML) packets that lead to privilege escalation or format string manipulation. Format string vulnerabilities allow attackers to execute commands when the device should be reading this user input as simple text.
JSA10917 for Junos Space addresses CVE-2018-1126, which relates to similar Junos vulnerabilities mentioned above. Attackers could take control of network management devices such as a Junos Space Appliance and redirect traffic to malicious sources, further infecting more vulnerable assets.
Lösung
Juniper recommends updating to the latest OS version of any of the affected devices or appliances you may have. Manual updates and appliance images can be found on Juniper’s download site here.
Identifizieren betroffener Systeme
A list of Nessus plugins to identify these vulnerabilities will appear here as they’re released.
Weitere Informationen
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.
Verwandte Artikel
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more
December 29, 2023The new year is upon us, and so we ponder the question: What cybersecurity trends will shape 2024? To find out, we asked Tenable experts to read the tea leaves. Their 2024 forecasts include: A bigger security role for cloud architects; a focus by ransomware gangs on OT systems in critical industries; an intensification of IAM attacks; and much more!
Cybersecurity Snapshot: Find MITRE ATT&CK Complex? Need Help Mapping to It? There’s an App for That!
March 10, 2023Learn about a new tool that streamlines MITRE ATT&CK mapping. Plus, known vulnerabilities remain a major cyber risk – just ask LastPass. Also, discover why SaaS data protection remains difficult. Plus, a look at the U.S. National Cybersecurity Strategy. And much more!
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
- Threat Management
- Vulnerability Management