Juniper Networks releases multiple security advisories, three critical
Take action: If you are using Juniper products, time to review the advisories. There are a bunch of them, focus on the critical ones since they are in underlying components that are well known and exploits can be easily constructed.
Learn More
Juniper Networks has issued a set of major security updates, releasing advisories for over a hundred vulnerabilities across its product line, including Junos OS, Junos OS Evolved, and other products.
Among these, three advisories are classified as critical due to security defects stemming from third-party software components:
- cURL Vulnerabilities The first critical advisory addresses nine vulnerabilities in the open-source data transfer tool cURL, which includes four critical-severity issues (CVE-2023-38545, CVE-2023-23914, CVE-2018-1000120, CVE-2018-1000122)
- cRPD third-party software used in Juniper Networks Junos cRPD, with seven critical-severity issues (CVE-2019-17041, CVE-2019-17042, CVE-2020-14343, CVE-2021-36159, CVE-2022-48522, CVE-2023-38408, CVE-2023-41913)
- Cloud Native Router third-party software used in Juniper Cloud Native Router, with eight critical-severity issues (CVE-2019-17041, CVE-2019-17042, CVE-2020-14343, CVE-2021-36159, CVE-2022-48522, CVE-2023-38408, CVE-2023-41913, CVE-2024-30407).
Apart from the critical advisories, Juniper released 11 high severity advisories affecting JunOS, JunOS Evolved and Paragon. In addition to the critical and high-severity issues, Juniper addressed two dozen other advisories concerning medium-severity vulnerabilities. These vulnerabilities could potentially lead to DoS conditions, disclosure of sensitive information, failure to block traffic, or failure to perform traffic authentication.
Juniper Networks urges customers to update their systems as soon as possible to mitigate these vulnerabilities, especially since there are no workarounds available for the most severe issues.
