Cybersecurity provider Juniper Networks released more than 40 security advisories to address more than 70 vulnerabilities that affect its solutions.
US CISA also issued a security advisory to warn organizations of the security updates released by Juniper Networks.
“Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.” reads the advisory published by CISA. “CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.”
The flaws addressed by the company include remote code execution issues, privilege escalation, DoS vulnerabilities, and XSS.
The majority of the vulnerabilities affect Juniper’s Junos OS operating system, the most severe issues reside in the third-party components used by Contrail Insights and the Technology Session Smart Routers.
|CVE-2019-15605||9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)||HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed|
|CVE-2019-15606||9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)||Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons|
Juniper said that it is not aware of attacks in the wild exploiting any of the addressed vulnerabilities.
(SecurityAffairs – hacking, cyber security)