Stock Market News

Tenable : Critical Vulnerability Fixes Available For Juniper Devices

January 11, 2019 at 12:54 am IST

Juniper has addressed multiple critical vulnerabilities in Junos, Junos Space, and JATP devices. Administrators are advised to update to the latest OS version on any affected Juniper device.

Background

Juniper has released a number of security advisories this week which include critical vulnerabilities across many of its devices. The Juniper Advanced Threat Prevention Appliance (JATP) update removes hardcoded admin credentials, while the Junos updates include patches for remote code execution (RCE) and denial of service (DoS) vulnerabilities. Junos Space network management devices are also vulnerable to a memory allocation vulnerability which could lead to DoS and RCE attacks as well.

Analysis

JSA10918 addresses 13 vulnerabilities, including CVE-2017-11610, CVE-2018-0020, and CVE-2019-0022 for Juniper's ATP, a malware defense appliance designed to detect and prevent malicious activity on a network. An attacker could gain access to this device with hardcoded administrator credentials and disable a core defense against malware.

Among the many Junos updates, CVE-2017-7375 and CVE-2016-4448 addressed in JSA10916 could allow a remote unauthenticated attacker to send specially crafted extensible markup language (XML) packets that lead to privilege escalation or format string manipulation. Format string vulnerabilities allow attackers to execute commands when the device should be reading this user input as simple text.

JSA10917 for Junos Space addresses CVE-2018-1126, which relates to similar Junos vulnerabilities mentioned above. Attackers could take control of network management devices such as a Junos Space Appliance and redirect traffic to malicious sources, further infecting more vulnerable assets.

Solution

Juniper recommends updating to the latest OS version of any of the affected devices or appliances you may have. Manual updates and appliance images can be found on Juniper's download site here.

Identifying affected systems

A list of Nessus plugins to identify these vulnerabilities will appear here as they're released.

Get more information

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Attachments

Original document
Permalink

Disclaimer

Tenable Holdings Inc. published this content on 10 January 2019 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 10 January 2019 19:23:02 UTC

All News: More news

WestJet cancels more flights on third day of AMFA strike	12:52am	RE
Euro rises after France far-right win first round vote	12:41am	RE
EURO EDGES UP AFTER FAR-RIGHT WIN FIRST ROUND OF FRENCH ELECTION…	12:41am	RE
WestJet Issues Additional Cancellations Amid Third Day Of AMFA Strike	12:40am	RE
WESTJET- WILL OPERATE A REDUCED SCHEDULE WITH THE REMAINING FLEE…	12:40am	RE
WESTJET- CANCELLATIONS ARE ACCOMPANIED BY THE AIRLINE PARKING AD…	12:40am	RE
WESTJET- CANCELLED AN ADDITIONAL 410 OVERNIGHT TO TOTAL OF MORE…	12:39am	RE
WESTJET- ISSUES ADDITIONAL CANCELLATIONS AMID THIRD DAY OF AMFA…	12:38am	RE
US pushes for Boeing to plead guilty in connection with fatal crashes, sources say	12:27am	RE
U.S. NEGOTIATING PLEA AGREEMENT WITH BOEING ARISING FR…	12:27am	RE
Suspected suicide bombers kill at least 18 in Nigeria, authorities say	11:44pm	RE
Deutsche Bank bundles compliance and financial crime in a Management Board mandate	11:36pm	DP
Far-right National Rally leads first voting round of French parliament elections - exit polls	11:30pm	RE
Missile fragments hit apartment building in Kyiv suburb, damage balconies	11:10pm	RE
Pakistan finance minister confident about new IMF programme	11:09pm	RE