Juniper Networks, one of the world’s largest network equipment suppliers, has provided updates to patch numerous security vulnerabilities in device operating systems and network services. The manufacturer lists a total of 34 security reports on the vulnerabilities.
The vulnerabilities range from script injection and execution, through privilege escalation for registered users, to denial-of-service flaws that attackers could use to paralyze devices. In some cases remote attackers could trigger these with manipulated packets, for example; in other cases users have to be logged on locally to provoke the errors. Furthermore, Juniper cloud solutions apparently contain Log4j and thus inherit its security vulnerabilities.
Various versions of the operating systems Junos OS and Junos OS Evolved, as well as the cloud networking system Contrail Networking, are affected. In addition, the operating systems are sometimes affected by the security gaps only on some platforms. Attackers can abuse some of them only on devices of the MX or SRX Series, and other vulnerabilities only on the vMX and MX150 Series. This is only an excerpt; other model series are susceptible to other gaps.
On Juniper's security alerts website, administrators and IT managers will find the 34 security bulletins from January 2022. In them, the manufacturer also explains details about the vulnerabilities. Juniper also names the vulnerable versions there and links to the download page for the software patches that plug the gaps.