Juniper Security Updates for Multiple Products - 20240415003¶
Overview¶
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
What is the vulnerability ?¶
Vulnerabilities listed in the latest security bulletins includes buffer overflows capable of bypassing authentication and performing RCE. A few notable vulnerabilities are listed below, but a complete list can be found on the Juniper Security Bulletin, agencies that use any Juniper products are advised to review the entries from 2024-04-10 until present.
CVE | Vulnerability Name | Security Update Released | Threat Description | Action |
---|---|---|---|---|
Article ID: JSA79108 Overall CVSSv3: 9.8 CRITICAL | Junos OS: Multiple cURL vulnerabilities resolved | 2024-03-28 | Multiple vulnerabilities have been resolved in Juniper Networks Junos OS and Junos OS Evolved by updating cURL libraries. The most severe of which makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. | Immediately apply updates per vendor instructions. |
Article ID: JSA79094 Overall CVSSv3: 7.5 HIGH | Junos OS and Junos OS Evolved: A specific EVPN type-5 route causes rpd crash (CVE-2024-30394). | 2024-04-10 | A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (rpd) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). | Immediately apply updates per vendor instructions. |
Article ID: JSA79174 Overall CVSSv3: 7.5 HIGH | Junos OS and Junos OS Evolved: RPD crash when CoS-based forwarding (CBF) policy is configured (CVE-2024-30382) | 2024-04-10 | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). | Immediately apply updates per vendor instructions. |
Article ID: JSA79179 Overall CVSSv3: 7.5 HIGH | Junos OS: An invalid certificate causes a Denial of Service in the Internet Key Exchange (IKE) process (CVE-2024-30397). | 2024-04-10 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. | Immediately apply updates per vendor instructions. |
Article ID: JSA79100 CVSSv3: 5.8 MEDIUM | Junos OS: EX4300 Series: Loopback filter not blocking traffic despite having discard term (CVE-2024-30410). | 2024-04-11 | An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface (ex. ge-0/0/0) firewall filter. | Apply updates per vendor instructions. |
Recommendation¶
The WA SOC recommends administrators review the full bulletin by Juniper and apply the solutions as per vendor instructions to all affected platforms: https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=%5BSecurity%20Advisories%5D