Juniper Networks has published a series of security advisories covering over 100 vulnerabilities across various products, including Junos OS and Junos OS Evolved. Three of the advisories are rated critical and address flaws in third-party software used within Juniper’s products. The first addresses nine vulnerabilities in cURL, four of them marked as critical, with disclosure dates ranging from 2018 to 2023. The second and third advisories address over 80 bugs, including eight critical-severity issues, in Juniper’s cRPD and Cloud Native Router components.
Also of significant concern is a high-severity information leak in Paragon Active Assurance versions 4.1.0 and 4.2.0, exploitable by network-adjacent attackers with root access to a Test Agent Appliance. Juniper has also issued patches for eight high-severity denial-of-service vulnerabilities in Junos OS and Junos OS Evolved that are exploitable by unauthenticated network-based attackers. In addition, three high-severity vulnerabilities in the libslax library included in Junos OS Evolved, disclosed in 2021, warrant attention.
Juniper Networks urges customers to update their appliances promptly, as no workarounds are available for the most severe vulnerabilities. The advisories cover a wide spectrum of risks, ranging from potential denial-of-service conditions to sensitive information disclosure and authentication failures. Users are directed to Juniper Networks’ support portal for comprehensive information and for the patches that address these issues.