# Juniper Networks Releases Security Updates for Multiple Products - 20230113002
## Overview
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
## What is the vulnerability?
Of the vulnerabilities addressed in this Juniper Networks security update, the most notable are listed below because of their high CVSS severity scores.
CVE | Vulnerability Name | Security Update Released | Threat Description | Action |
---|---|---|---|---|
Article ID: JSA70185 Overall CVSSv3: 9.8 CRITICAL | Junos Space: Multiple vulnerabilities have been resolved in the 22.3R1 release | 2023-01-11 | Multiple vulnerabilities have been resolved in the Junos Space 22.3R1 release by updating third party software included with Junos Space or by fixing vulnerabilities found during external security research. These issues affect Juniper Networks Junos Space versions prior to 22.3R1. These issues were discovered during external security research. | Immediately apply updates per vendor instructions. |
Article ID: JSA70183 Overall CVSSv3: 9.8 CRITICAL | Contrail Cloud: Multiple Vulnerabilities have been resolved in Contrail Cloud release 13.7.0 | 2023-01-11 | Multiple vulnerabilities in third party software used in Juniper Networks Contrail Cloud in release 13.7.0. Contrail Cloud's Red Hat OpenStack Platform 13.0.z15 with Red Hat Enterprise Linux 7.9.6 on x86_64 has been upgraded to Red Hat OpenStack Platform 13.0.z16 with Red Hat Enterprise Linux 7.9.6 on x86_64. These issues potentially affect all Juniper Networks Contrail Cloud versions prior to 13.7.0. Juniper SIRT is not aware of any malicious exploitation of any of these vulnerabilities. | Immediately apply updates per vendor instructions. |
CVE-2023-22396 CVSSv3: 7.5 HIGH | Junos OS: Receipt of crafted TCP packets destined to the device results in MBUF leak, leading to a Denial of Service (DoS) | 2023-01-11 | An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). The system does not recover automatically and must be manually restarted to restore service. This issue occurs when crafted TCP packets are sent directly to a configured IPv4 or IPv6 interface on the device. Transit traffic will not trigger this issue. | Immediately apply updates per vendor instructions. |
CVE-2023-22410 CVSSv3: 7.5 HIGH | Junos OS: MX Series with MPC10/MPC11: When Suspicious Control Flow Detection (scfd) is enabled and an attacker is sending specific traffic, this causes a memory leak | 2023-01-11 | A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled. Upon enabling this specific feature, an attacker sending specific traffic is causing memory to be allocated dynamically and it is not freed. Memory is not freed even after deactivating this feature. Sustained processing of such traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. The FPC memory usage can be monitored using the CLI command "show chassis fpc". | Immediately apply updates per vendor instructions. |
CVE-2019-11287 CVSSv3: 7.5 HIGH | NorthStar Controller: Pivotal RabbitMQ contains a web management plugin that is vulnerable to a Denial of Service (DoS) attack | 2023-01-11 | Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. This issue affects Juniper Networks NorthStar Controller versions prior to 6.2.3. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. | Immediately apply updates per vendor instructions. |
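An added example (not from the advisory or from Juniper) of how the monitoring hint for CVE-2023-22410 can be automated on the defender side: it parses successive snapshots of `show chassis fpc` and flags FPC slots whose heap utilization only ever rises, which is the unfreed-allocation pattern the advisory describes. The sample output is constructed and the column layout is an assumption to verify against a real device.

```python
"""Flag FPC slots whose heap utilization only ever rises across samples of
`show chassis fpc`, the command the CVE-2023-22410 advisory names for monitoring.
Added example, not Juniper code. The column layout is an assumption modelled on
typical MX output and should be checked against a live device before use."""
import re
from typing import Dict, List

# Constructed samples, imagined to be taken a few minutes apart.
SAMPLES = [
"""Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
  0  Online            38      9          0        9      9      9    4096       41          0
  1  Online            40     11          0       11     11     11    4096       22          0
  2  Empty
""",
"""Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
  0  Online            38      9          0        9      9      9    4096       47          0
  1  Online            40     11          0       11     11     11    4096       22          0
""",
"""Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
  0  Online            39     10          0       10     10     10    4096       55          0
  1  Online            40     11          0       11     11     11    4096       23          0
""",
]

# slot, "Online", then Temp/Total/Interrupt/1min/5min/15min/DRAM, then Heap, Buffer
ROW = re.compile(r"^\s*(\d+)\s+Online\s+(?:\S+\s+){7}(\d+)\s+\d+\s*$")

def parse_heap(output: str) -> Dict[int, int]:
    """Map FPC slot -> heap utilization (%) for every online FPC in one snapshot."""
    heap = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            heap[int(m.group(1))] = int(m.group(2))
    return heap

def leaking_slots(samples: List[str], min_rise: int = 5) -> List[int]:
    """Slots whose heap % rose in every successive sample and by >= min_rise overall.
    Memory that grows and is never released is the pattern the advisory describes;
    a hit is a prompt to check whether scfd is enabled and to schedule the upgrade."""
    series = [parse_heap(s) for s in samples]
    suspects = []
    for slot in sorted(series[0]):
        vals = [s.get(slot) for s in series]
        if None in vals:
            continue  # slot went offline or was removed mid-series
        if all(b > a for a, b in zip(vals, vals[1:])) and vals[-1] - vals[0] >= min_rise:
            suspects.append(slot)
    return suspects
```

Slot 1 is ignored because its heap figure plateaus, so a single noisy reading does not produce an alert.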
## Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected platforms: https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=%5BSecurity%20Advisories%5D
## Additional References
- https://www.cisa.gov/uscert/ncas/current-activity/2023/01/12/juniper-networks-releases-security-updates-multiple-products
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22396
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22410
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11287