CERT mailing list archives
Juniper Networks Releases Security Updates
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Thu, 11 Jan 2018 12:07:44 -0600
U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Juniper Networks Releases Security Updates [ https://www.us-cert.gov/ncas/current-activity/2018/01/11/Juniper-Networks-Releases-Security-Updates ] 01/11/2018 12:14 PM EST Original release date: January 11, 2018 Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisories and apply necessary updates: * ScreenOS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10841&cat=SIRT_1&actp=LIST ]: Etherleak vulnerability found on ScreenOS device (CVE-2018-0014) * Junos Space Security Director and Log Collector [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10840&cat=SIRT_1&actp=LIST ]: Multiple vulnerabilities resolved in 17.2R1 release * CTPView [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10839&cat=SIRT_1&actp=LIST ]: Multiple Linux kernel vulnerabilities * Junos Space [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10838&cat=SIRT_1&actp=LIST ]: Multiple vulnerabilities resolved in 17.2R1 release * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10837&cat=SIRT_1&actp=LIST ]: OpenSSH Memory exhaustion due to unregistered KEXINIT handler (CVE-2016-8858) * SRX Series [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10836&cat=SIRT_1&actp=LIST ]: Firewall bypass vulnerability when UUID with leading zeros is configured. (CVE-2018-0009) * Junos [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10835&cat=SIRT_1&actp=LIST ]: commit script may allow unauthenticated root login upon reboot (CVE-2018-0008) * Junos [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10834&cat=SIRT_1&actp=LIST ]: bbe-smgd process denial of service while processing VLAN authentication requests/rejects (CVE-2018-0006) * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10833&cat=SIRT_1&actp=LIST ]: MAC move limit configured to drop traffic may forward traffic. (CVE-2018-0005) * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10832&cat=SIRT_1&actp=LIST ]: Kernel Denial of Service Vulnerability (CVE-2018-0004) * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10831&cat=SIRT_1&actp=LIST ]: A crafted MPLS packet may lead to a kernel crash (CVE-2018-0003) * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10830&cat=SIRT_1&actp=LIST ]: Malicious LLDP crafted packet leads to privilege escalation, denial of service. (CVE-2018-0007) * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10829&cat=SIRT_1&actp=LIST ]: MX series, SRX series: Denial of service vulnerability in Flowd on devices with ALG enabled. (CVE-2018-0002) * Junos [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10828&cat=SIRT_1&actp=LIST ]: Unauthenticated Remote Code Execution through J-Web interface (CVE-2018-0001) Junos: Unauthenticated Remote Code Execution through J-Web interface (CVE-2018-0001) ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- Juniper Networks Releases Security Updates US-CERT (Jan 11)
- <Possible follow-ups>
- Juniper Networks Releases Security Updates US-CERT (Apr 13)
- Juniper Networks Releases Security Updates US-CERT (Jul 12)
- Juniper Networks Releases Security Updates US-CERT (Oct 10)