Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | Juniper Networks Released Fixes For Critical Vulnerabilities
Table Of Content
Home

Resources

Blog
Jul 18, 2022
2 Mins Read

Juniper Networks Released Fixes For Critical Vulnerabilities

CISA advised users and administrators to apply recently released fixes in Juniper Networks products due to several critical vulnerabilities and stated, “An attacker could exploit some of these vulnerabilities to take control of an affected system.”

The affected products are listed as: 

  • Juniper Networks Junos Space versions before 22.1R1 
  • Junos Space Policy Enforcer before version 22.1R1 (CentOS 6.8) 
  • NorthStar Controller versions before 5.1.0 Service Pack 6 and 6 versions before 6.2.2 
  • Juniper Networks Contrail Networking versions before 21.4.0 

All security updates can be found on Juniper Networks’ Security Advisory and the software patches along with updates on the Software Downloads page.

Affected Juniper Networks Products

Junos Space 

Thirty-one critical flaws in Junos Space are patched, which were discovered in various third-party products, including Nginx resolver, Oracle Java SE, OpenSSH, RPM package manager, Samba, OpenSSL, Kerberos, MySQL Server, curl, and the Linux kernel. 

The most critical vulnerability in Junos Space is CVE-2021-23017, with a 9.4 CVSS score. It’s a vulnerability in the Nginx resolver. An attacker who can forge UDP packets from the DNS server could cause 1-byte memory overwrite and crash worker process. 

CentOS 6.8 

There are several known vulnerabilities in CentOS 6.8, which were distributed with Junos Space Policy Enforcer before version 22.1R1. Juniper Network’s SIRT hasn’t discovered any exploitation of this vulnerability. 

NorthStar Controller 

The Northstar Controller has been patched in versions 5.1.0 Service Pack 6 and 6.2.2 for the same security flaw (CVE-2021-23017). 

Juniper Networks Contrail Networking 

There are also 166 security flaws in its Contrail Networking product that affect all versions before 21.4.0 and have been assigned the maximum CVSS score of 10.0. Several integer overflows in libgfortran, listed as CVE-2014-5044, can be used by remote attackers to run arbitrary code or bring down a Fortran application via vectors related to array allocation. 

Related Articles
SOCRadar® Cyber Intelligence Inc. | CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Major Cyber Attacks in Review: March 2024
Major Cyber Attacks in Review: March 2024
Apr 16, 2024
SOCRadar® Cyber Intelligence Inc. | Cyber Reflections of Iran's Attack on Israel
Cyber Reflections of Iran's Attack on Israel
Apr 15, 2024