Juniper Networks、セキュリティアドバイザリ36件を公開 - 「クリティカル」も
Juniper Networksは、4月10日から11日にかけて複数のセキュリティアドバイザリを公表した。「クリティカル(Critical)」とされるものも含まれる。
あわせて36件のセキュリティアドバイザリを公表したもの。同社製品に関する脆弱性31件のほか、サードパーティ製ライブラリやコンポーネントに関する脆弱性などへ対処した。なかでも3件のアドバイザリについては、重要度を「クリティカル(Critical)」とレーティングしている。
具体的には、「Junos OS」「Junos OS Evolved」では、「cURLライブラリ」に関する脆弱性9件を修正。さらに「Juniper Cloud Native Router」「Juniper Networks Junos cRPD」のアップデートでは、サードパーティ製ライブラリに起因する脆弱性を含め、それぞれ82件の脆弱性を修正している。
いずれも共通脆弱性評価システム「CVSSv3.1」のベーススコアが「9.8」とされる脆弱性を含み、アドバイザリ全体のベーススコアとしても「9.8」と評価されている。
また10件のアドバイザリについては、重要度「高(High)」、のこる23件については「中(Medium)」とレーティングしている。
(Security NEXT - 2024/04/12 )
ツイート
関連リンク
- Juniper Networks:Junos OS and Junos OS Evolved: Multiple cURL vulnerabilities resolved.
- Juniper Networks:cRPD: Multiple vulnerabilities resolved in 23.4R1 release
- Juniper Networks:Juniper Cloud Native Router: Multiple vulnerabilities resolved in 23.4 release
- Juniper Networks:Junos OS: An invalid certificate causes a Denial of Service in the Internet Key Exchange (IKE) process (CVE-2024-30397)
- Juniper Networks:Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash
- Juniper Networks:Junos OS and Junos OS Evolved: Junos OS and Junos OS Evolved: RPD crash when CoS-based forwarding (CBF) policy is configured (CVE-2024-30382)
- Juniper Networks:Junos OS: A specific EVPN type-5 route causes rpd crash (CVE-2024-30394)
- Juniper Networks:Junos OS: MX Series with SPC3 and MS-MPC/-MIC: When URL filtering is enabled and a specific URL request is received a flowd crash occurs (CVE-2024-30392)
- Juniper Networks:Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash (CVE-2024-21598)
- Juniper Networks:Paragon Active Assurance: probe_serviced exposes internal objects to local users (CVE-2024-30381)
- Juniper Networks:Junos OS Evolved: libslax: Multiple vulnerabilities in libslax resolved
- Juniper Networks:Junos OS: SRX4600 Series: A high amount of specific traffic causes packet drops and an eventual PFE crash (CVE-2024-30398)
- Juniper Networks:Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service (CVE-2024-30405)
- Juniper Networks:Junos OS: EX4300 Series: Loopback filter not blocking traffic despite having discard term (CVE-2024-30410)
- Juniper Networks:Junos OS: SRX Branch Series and SRX 4000 Series: When DNS proxy is configured and specific DNS queries are received, resolver's performance is degraded (CVE-2022-2795)
- Juniper Networks:Junos OS and Junos OS Evolved: In a EVPN-VXLAN scenario state changes on adjacent systems can cause an l2ald process crash (CVE-2024-30386)
- Juniper Networks:Junos OS and Junos OS Evolved: When LLDP is enabled and a malformed LLDP packet is received, l2cpd crashes (CVE-2024-21618)
- Juniper Networks:Junos OS and Junos OS Evolved: A low-privileged user can access confidential information (CVE-2024-21615)
- Juniper Networks:Junos OS and Junos OS Evolved: l2cpd crash upon receipt of a specific TLV (CVE-2024-30380)
- Juniper Networks:Junos OS: MX Series and EX9200-15C: Stack-based buffer overflow in aftman (CVE-2024-30401)
- Juniper Networks:Junos OS: SRX 300 Series: Specific link local traffic causes a control plane overload (CVE-2024-21605)
- Juniper Networks:Junos OS Evolved: Packets which are not destined to the device can reach the RE (CVE-2024-21590)
- Juniper Networks:Junos OS Evolved: Connection limits is not being enforced while the resp. rate limit is being enforced (CVE-2024-30390)
- Juniper Networks:Junos OS: MX Series with MPC10, MPC11, LC9600, and MX304: A specific MPLS packet will cause a PFE crash (CVE-2024-21593)
- Juniper Networks:Junos OS Evolved: When MAC learning happens, and an interface gets flapped, the PFE crashes (CVE-2024-30403)
- Juniper Networks:Junos OS: EX4300 Series: If a specific CLI command is issued PFE crashes will occur (CVE-2024-30384)
- Juniper Networks:Junos OS: MX Series: bbe-smgd process crash upon execution of specific CLI commands (CVE-2024-30378)
- Juniper Networks:Junos OS: QFX5000 Series and EX Series: Specific malformed LACP packets will cause flaps (CVE-2024-30388)
- Juniper Networks:Junos OS: MX Series with SPC3, and SRX Series: When IPsec authentication is configured with "hmac-sha-384" and "hmac-sha-512" no authentication of traffic is performed (CVE-2024-30391)
- Juniper Networks:Junos OS: MX Series: In a scaled subscriber scenario if CoS information is gathered mgd processes gets stuck (CVE-2024-21610)
- Juniper Networks:Junos OS: MX Series with SPC3, and SRX Series: If specific IPsec parameters are negotiated iked will crash due to a memory leak (CVE-2024-21609)
- Juniper Networks:Junos OS: ACX5448 & ACX710: Due to the interface flaps the PFE process can crash (CVE-2024-30387)
- Juniper Networks:Junos OS and Junos OS Evolved: The l2ald crashes on receiving telemetry messages from a specific subscription (CVE-2024-30402)
- Juniper Networks:Junos OS: EX4300 Series: Firewall filter not blocking egress traffic (CVE-2024-30389)
- Juniper Networks:Junos OS Evolved: ACX Series with Paragon Active Assurance Test Agent: A local high privileged attacker can recover other administrators credentials (CVE-2024-30406)
- Juniper Networks:Junos OS and Junos OS Evolved: Higher CPU consumption on routing engine leads to Denial of Service (DoS) (CVE-2024-30409)
- ジュニパーネットワークス
PR
関連記事
「SecHack365」の成果発表会、都内で2月28日に開催
公務員採用試験受験者の個人情報含む書類が所在不明 - 人事院
クラウドに不正アクセス、個人情報流出の可能性 - マイナビ
ファイル転送製品「FileZen」にRCE脆弱性 - すでに悪用被害も
JNSA、SecBoK人材スキルマップ2025年度版を公開 - 15の役割に再編
リフト券システムがランサム被害、個人情報流出の可能性 - ガーラ湯沢
手荷物配送サービス予約システムに攻撃、個人情報流出の可能性 - JAL
「SandboxJS」に脆弱性 - 1月下旬以降「クリティカル」7件目
「SandboxJS」に新たなクリティカル脆弱性4件 - 修正実施
「SolarWinds WHD」など4製品の脆弱性悪用に注意喚起 - 米当局
