On 14 July 2021, Juniper Networks (JN) published Security Advisories to address vulnerabilities in multiple products. The most critical of these flaws affect third-party software used in its products. Timely patching is recommended.
- The updates address flaws in Steel-Belted Radius (SBR) Carrier, Contrail Networking, CTPView, Contrail Insights, Junos Space, Junos OS, and Junos OS Evolved, among others.
- JN’s third-party fixes addressed a number of older vulnerabilities, including:
- Notable flaws in JN products include:
  - CVE-2021-0276, a stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier (used by telecom carriers) with EAP (Extensible Authentication Protocol) authentication configured. CVSS:3.1 score: 9.8.
  - CVE-2021-0277, an Out-of-bounds Read vulnerability in Junos OS and Junos OS Evolved that have interfaces with Link Layer Discovery Protocol (LLDP) enabled. CVSS:3.1 score: 8.8.
- If you are using any of the vulnerable products, timely implementation of the updates, workarounds, and mitigations from the Juniper Security Advisories is recommended.