Juniper Networks has published updates that fix vulnerabilities in multiple products. An attacker could use some of these vulnerabilities to gain control of an affected system.
CERT Bulgaria recommends that users and administrators review the following Juniper security advisories and apply the necessary updates.
ScreenOS: Etherleak vulnerability found on ScreenOS device (CVE-2018-0014)
Junos Space Security Director and Log Collector: Multiple vulnerabilities resolved in 17.2R1 release
CTPView: Multiple Linux kernel vulnerabilities
Junos Space: Multiple vulnerabilities resolved in 17.2R1 release
Junos OS: OpenSSH Memory exhaustion due to unregistered KEXINIT handler (CVE-2016-8858)
SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured. (CVE-2018-0009)
Junos: commit script may allow unauthenticated root login upon reboot (CVE-2018-0008)
Junos: bbe-smgd process denial of service while processing VLAN authentication requests/rejects (CVE-2018-0006)
Junos OS: MAC move limit configured to drop traffic may forward traffic. (CVE-2018-0005)
Junos OS: Kernel Denial of Service Vulnerability (CVE-2018-0004)
Junos OS: A crafted MPLS packet may lead to a kernel crash (CVE-2018-0003)
Junos OS: Malicious LLDP crafted packet leads to privilege escalation, denial of service. (CVE-2018-0007)
Junos OS: MX series, SRX series: Denial of service vulnerability in Flowd on devices with ALG enabled. (CVE-2018-0002)
Junos: Unauthenticated Remote Code Execution through J-Web interface (CVE-2018-0001)