Advisory

Juniper fixes multiple critical flaws in Juniper Secure Analytics

Take action: A massive release/patch for Juniper Secure Analytics. Well worth updating the product, and the critical flaws just add motivation not to skip this patch.



Juniper Networks has resolved multiple vulnerabilities in the Juniper Secure Analytics platform with the release of version 7.5.0 UP8 IF03. These vulnerabilities affect all versions prior to 7.5.0 UP8 and 7.5.0 UP8 IF02. The critical vulnerabilities addressed include:

  1. CVE-2019-13224 (CVSS score 9.8) - A use-after-free vulnerability in Oniguruma 6.9.2 that can lead to potential information disclosure, denial of service, or code execution through crafted regular expressions. This issue impacts various applications utilizing the Oniguruma library.
  2. CVE-2019-19012 (CVSS score 9.8) - An integer overflow in Oniguruma 6.x (before 6.9.4_rc2) leads to out-of-bounds reads, enabling remote attackers to cause denial of service or information disclosure, and possibly further unspecified impacts, through crafted regular expressions.
  3. CVE-2019-15505 (CVSS score 9.8) - A flaw in drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 allows an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
  4. CVE-2023-5178 (CVSS score 9.8) - A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
  5. CVE-2023-25775 (CVSS score 9.8) - Improper access control in the Intel(R) Ethernet Controller RDMA driver for Linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

The released patch contains over 200 patched flaws in total. Admins are advised to review the patch release and update their Juniper Secure Analytics.
