CERT mailing list archives

Juniper Networks Releases Security Updates


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Thu, 11 Jan 2018 12:07:44 -0600

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:



Juniper Networks Releases Security Updates [ 
https://www.us-cert.gov/ncas/current-activity/2018/01/11/Juniper-Networks-Releases-Security-Updates ] 01/11/2018 12:14 
PM EST 
Original release date: January 11, 2018

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker 
could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisories and apply 
necessary updates:


  * ScreenOS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10841&cat=SIRT_1&actp=LIST ]: Etherleak 
vulnerability found on ScreenOS device (CVE-2018-0014) 
  * Junos Space Security Director and Log Collector [ 
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10840&cat=SIRT_1&actp=LIST ]: Multiple vulnerabilities 
resolved in 17.2R1 release 
  * CTPView [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10839&cat=SIRT_1&actp=LIST ]: Multiple Linux 
kernel vulnerabilities 
  * Junos Space [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10838&cat=SIRT_1&actp=LIST ]: Multiple 
vulnerabilities resolved in 17.2R1 release 
  * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10837&cat=SIRT_1&actp=LIST ]: OpenSSH Memory 
exhaustion due to unregistered KEXINIT handler (CVE-2016-8858) 
  * SRX Series [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10836&cat=SIRT_1&actp=LIST ]: Firewall 
bypass vulnerability when UUID with leading zeros is configured. (CVE-2018-0009) 
  * Junos [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10835&cat=SIRT_1&actp=LIST ]: commit script may 
allow unauthenticated root login upon reboot (CVE-2018-0008) 
  * Junos [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10834&cat=SIRT_1&actp=LIST ]: bbe-smgd process 
denial of service while processing VLAN authentication requests/rejects (CVE-2018-0006) 
  * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10833&cat=SIRT_1&actp=LIST ]: MAC move limit 
configured to drop traffic may forward traffic. (CVE-2018-0005) 
  * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10832&cat=SIRT_1&actp=LIST ]: Kernel Denial 
of Service Vulnerability (CVE-2018-0004) 
  * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10831&cat=SIRT_1&actp=LIST ]: A crafted MPLS 
packet may lead to a kernel crash (CVE-2018-0003) 
  * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10830&cat=SIRT_1&actp=LIST ]: Malicious LLDP 
crafted packet leads to privilege escalation, denial of service. (CVE-2018-0007) 
  * Junos OS [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10829&cat=SIRT_1&actp=LIST ]: MX series, SRX 
series: Denial of service vulnerability in Flowd on devices with ALG enabled. (CVE-2018-0002) 
  * Junos [ https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10828&cat=SIRT_1&actp=LIST ]: Unauthenticated 
Remote Code Execution through J-Web interface (CVE-2018-0001) 
________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 
