Juniper Networks has fixed high-severity vulnerabilities found in Junos OS. Junos OS, a FreeBSD-based network operating system, is used in Juniper's network routing, switching, and security devices.
For the operating system, which has been in existence for over two decades and four years since its initial release, Juniper published 17 advisories covering a dozen Junos OS security weaknesses and three times as many issues in third-party components used in its products.
Three major high-severity vulnerabilities were described in Junos OS and Junos OS Evolved. These flaws, which can be exploited by a threat actor, may lead to denial of service (DoS). Junos OS products such as the QFX10000, MX, and SRX series networking devices are impacted.
Eight other advisories, rated medium severity, affect Junos OS and Junos OS Evolved and may also lead to denial of service (DoS).
Juniper Networks has acted swiftly, releasing security updates that address these flaws (a total of 11 vulnerabilities) and noting that there are no workarounds for these issues.
The company also announced that software updates are available for SRX and MRX series devices to resolve the high-severity issue discovered in the IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), which allows an attacker on the network, without authentication, to conduct a denial of service (DoS).
Other security updates and patches in the Junos OS and Junos OS Evolved releases address 17 security bugs that were discovered in PHP, Message Queuing Telemetry Transport (MQTT), and NTP, along with other vulnerabilities publicly disclosed over the years.
The two PHP vulnerabilities addressed are tracked as CVE-2021-21708 and CVE-2022-31627 and are rated Critical.
On 12th July 2023, Juniper Networks released a new version, Junos Space version 23.1R1, which patches 10 vulnerabilities discovered in third-party software.
Other updates released include Contrail Cloud version 16.3.0, which also addresses a critical bug in Rack. Juniper Networks customers are advised to apply these security updates immediately and to contact the support team for further assistance.