Juniper Networks, a networking, cloud and cybersecurity solutions provider, this week released advisories detailing tens of vulnerabilities found across its product portfolio, including critical bugs in third-party components of Junos OS and STRM.
One of the advisories addresses multiple critical-severity vulnerabilities in Expat (libexpat), a third-party stream-oriented XML parser library. Juniper’s advisory details 15 Expat vulnerabilities resolved with the latest Junos OS releases, seven of which are rated ‘critical severity’ (CVSS score of 9.8). Updates that address these vulnerabilities were released for Junos OS versions 19.4 to 22.2, and Juniper recommends using access lists or firewall filters to reduce the risks associated with these bugs.
Juniper also announced patches for CVE-2022-42889, a critical vulnerability in Apache Commons Text leading to remote code execution. Patches for multiple high-severity vulnerabilities impacting Junos OS and Junos OS Evolved were also released this week, the most severe of which could lead to command injection and code execution. In addition, Juniper resolved a severe bug in Paragon Active Assurance (formerly Netrounds) that could be exploited to bypass existing firewall rules and limitations. Multiple medium-severity issues in Junos OS could also allow an attacker to cause a DoS condition, send packets that were intended to be dropped, access sensitive information, bypass an integrity check, cause traffic to be allowed through, or bypass console access controls.
Juniper makes no mention of any of these vulnerabilities being exploited in attacks. Additional details on the addressed flaws can be found on the Juniper Networks security advisories page.
In summary, Juniper Networks this week published advisories detailing tens of vulnerabilities found across its product portfolio, including critical bugs in third-party components of Junos OS and STRM. Patches were released for multiple high-severity vulnerabilities impacting Junos OS and Junos OS Evolved, the most severe of which could lead to command injection and code execution. Juniper also released patches for multiple medium-severity issues in Junos OS that could allow an attacker to cause a DoS condition, send packets that were intended to be dropped, access sensitive information, bypass an integrity check, cause traffic to be allowed through, or bypass console access controls. Juniper recommends using access lists or firewall filters to reduce the risks associated with these bugs.
