21.07.2021 Juniper Networks Addressed Vulnerabilities in Multiple Products

by Elena Lapina

On 14 July 2021, Juniper Networks (JN) published Security Advisories to address vulnerabilities in multiple products. The most critical of these flaws affect third-party software used in its products. Timely patching is recommended.

Details

  • JN’s third-party fixes addressed a number of older vulnerabilities, including:
    • CVE-2020-1472, a Netlogon Remote Protocol vulnerability patched in August 2020, addressed in Junos Space version 21.2R1. CVSS:3.1 score: 10.
    • CVE-2018-11218, a Memory Corruption flaw in the cmsgpack library, fixed in Contrail Networking release 2011. CVSS:3.0 score: 9.8.
  • Notable flaws in JN products include:
    • CVE-2021-0276, a stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier (used by telecom carriers) with EAP (Extensible Authentication Protocol) authentication configured. CVSS:3.1 score: 9.8.
    • CVE-2021-0277, an Out-of-bounds Read vulnerability in Junos OS and Junos OS Evolved when interfaces have Link Layer Discovery Protocol (LLDP) enabled. CVSS:3.1 score: 8.8.

Recommendations

  • If you are using any of the vulnerable products, timely implementation of the updates, workarounds, and mitigations from the Juniper Security Advisories is recommended.

References: Juniper Networks, The Canadian Centre for Cyber Security

 
