Juniper Networks, a manufacturer of networking equipment, has announced the release of patches for over 30 vulnerabilities in Junos OS and Junos OS Evolved. Among these vulnerabilities are nine high-severity flaws. The most critical of these flaws allows an unauthorized attacker with local access to a vulnerable device to create a backdoor with root privileges. This vulnerability, tracked as CVE-2023-44194 and scoring 8.4 on the CVSS scale, is due to improper permissions associated with a system directory.
Juniper’s patches also address six high-severity vulnerabilities that could lead to denial of service (DoS) attacks. Five of these vulnerabilities can be exploited remotely without requiring authentication. Both Junos OS and Junos OS Evolved are affected by two additional high-severity flaws, which can be exploited to impact device stability and compromise the confidentiality and integrity of device operations.
The remaining vulnerabilities resolved by the latest updates are of medium severity and could lead to a range of issues, including DoS conditions, bypass of access restrictions, compromise of system integrity and availability, leaked credentials and configuration changes, DMA memory leaks, or incorrect forwarding of MAC addresses.
Juniper has also released patches for medium-severity vulnerabilities found in third-party software used within Junos OS and Junos OS Evolved, including vulnerabilities in NTP and cryptographic algorithms.
The software updates addressing these vulnerabilities are available for various versions of Junos OS and Junos OS Evolved. Juniper Networks has not received any reports of these vulnerabilities being exploited in malicious attacks. However, users are strongly advised to apply the patches promptly, as networking products, including Juniper devices, have previously been targeted by exploits. Additional information can be found on Juniper’s support portal.
In related news, Juniper appliances have recently been found to be vulnerable to a new exploit, and previous Juniper flaws have been exploited in attacks following the publication of proof-of-concept exploits. Juniper Networks has consistently worked to patch and address vulnerabilities in Junos OS to enhance the security of its products.