Juniper Networks has addressed tens of vulnerabilities, including serious issues that can be exploited to take control of vulnerable systems.
The vendor has published 40 security advisories related to security vulnerabilities in the Junos OS operating system that runs on Juniper’s firewalls and other third-party components.
The vendor addressed multiple critical flaws in the Juniper Networks Mist Cloud UI. The vulnerabilities affect the Security Assertion Markup Language (SAML) authentication, they could be exploited by a remote attacker to bypass SAML authentication.
“Juniper Networks Mist Cloud UI, when SAML authentication is enabled, may incorrectly handle SAML responses, allowing a remote attacker to bypass SAML authentication security controls.” reads the security advisory published by Juniper.
“If SAML authentication is not enabled, the product is not affected. These vulnerabilities can be exploited alone or in combination. The CVSS score below represents the worst case chaining of these vulnerabilities.”
Multiple vulnerabilities in Juniper Networks Junos OS have been fixed by updating third party software included with Junos OS devices.
Juniper fixed a critical remote code execution vulnerability in Telnet server tracked as CVE-2020-10188.
“A vulnerability in the telnetd Telnet server allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.” reads the advisory.
“This issue only affects systems with inbound Telnet service enabled. SSH service is unaffected by this vulnerability.”
The company also addressed high-severity denial-of-service (DoS) and arbitrary code execution issues.
The good news is that Juniper is not aware of attacks in the wild exploiting the vulnerabilities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also urges organizations to apply the security updates released by the vendor.
“Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.” reads alert issued by CISA.
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.”
(SecurityAffairs – hacking, Junos)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.