Juniper Networks has released patches for vulnerabilities affecting its networking and security devices running Junos OS, as well as a bucketload of security flaws in the Junos Space Network Management Platform, the Juniper Advanced Threat Prevention (JATP) appliance, and the SRX Series networking firewalls.
Junos OS flaws
Junos OS is the FreeBSD-based operating system used in Juniper Networks hardware routers, switches, gateways and security devices.
The most critical holes that have been plugged are:
- CVE-2019-0006 – an issue that can be triggered with a specially crafted HTTP packet and can result in a crash of the fxpc daemon or even lead to remote code execution. It affects Juniper’s EX, MX and QFX Virtual Chassis Platforms (combinations of standalone switches interconnected and managed as a single chassis).
- CVE-2019-0007 – a predictable IP ID Sequence Number in the software for virtualized vMX Series routers that could open the device as well as clients connecting through it to attacks (there are workarounds available).
- A batch of critical and high risk holes in the third-party libxml2 software library for parsing XML documents, which is included in the OS.
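An added example (not from Juniper's advisory or the original article) of how an administrator can check whether a device they operate hands out predictable IP IDs, the weakness class behind CVE-2019-0007. It classifies IP ID values observed in successive replies from one host; the function names, the `max_step` threshold and the sample sequences are constructed assumptions.

```python
# Added example: names, thresholds and sample values are constructed,
# not taken from the advisory.
MOD = 1 << 16  # the IPv4 Identification field is 16 bits and wraps around


def deltas(ids):
    """Successive differences modulo 2**16, so a wrap 65535 -> 0 counts as +1."""
    return [(b - a) % MOD for a, b in zip(ids, ids[1:])]


def classify(ids, max_step=16):
    """Classify IP IDs seen in replies from one host, in arrival order."""
    if len(ids) < 5:
        return "insufficient-data"
    d = deltas(ids)
    if set(d) == {0}:
        return "constant"           # same ID on every packet
    if len(set(d)) == 1:
        return "fixed-increment"    # next value is fully predictable
    if all(0 < x <= max_step for x in d):
        return "small-increment"    # shared counter; gaps reflect other traffic
    return "no-simple-pattern"      # consistent with randomized or per-flow IDs


def guess_rate(ids, window=16):
    """Share of packets whose ID fell within `window` above the previous ID."""
    d = deltas(ids)
    return sum(1 for x in d if 0 < x <= window) / len(d) if d else 0.0


# Constructed observations (not captured from any real device).
SEQ_WRAP = [65533, 65534, 65535, 0, 1, 2]
SEQ_BUSY = [100, 103, 104, 109, 111, 112]
SEQ_RANDOM = [41231, 902, 57718, 12044, 33990, 6015]
SEQ_ZERO = [0, 0, 0, 0, 0, 0]

if __name__ == "__main__":
    for name, seq in [("wrap", SEQ_WRAP), ("busy", SEQ_BUSY),
                      ("random", SEQ_RANDOM), ("zero", SEQ_ZERO)]:
        print(f"{name:7s} {classify(seq):18s} guess_rate={guess_rate(seq):.2f}")
```

Running the same classification before and after applying the fix or workaround shows whether the device has moved away from a predictable counter.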
For the remaining security advisories, check out Juniper’s dedicated page.
All but one of the fixed issues were discovered during production usage. The outlier is CVE-2015-1283, a numeric error vulnerability affecting the Expat XML processing library in Junos OS that could lead to a DoS condition and can be triggered through a specially crafted XML data input.
That issue was discovered by external security researchers and Juniper SIRT is aware of a working proof of concept of this vulnerability, but not of any malicious exploitation attempts in the wild.
Issues affecting other devices
The resolved Junos Space vulnerabilities – 39 CVE-numbered issues – range from medium risk to critical. The most severe one is CVE-2018-1126, an integer overrun in the process browsing procps-ng library/utilities, which could allow attackers to take control of the vulnerable network management devices and redirect traffic to malicious sources.
Users are advised to upgrade to Junos Space 18.4R1 or later release.
The batch of fixed Juniper ATP appliance vulnerabilities is collectively deemed critical, as it includes two vulnerabilities (CVE-2019-0020, CVE-2019-0022) stemming from hard-coded credentials, some of which share the same password, effectively giving an attacker the ability to take control of any installation of the software.
There’s also a critical vulnerability (CVE-2019-0029) that could allow an attacker to access the Splunk server, as the Splunk credentials are logged in a file readable by authenticated local users.
Users should upgrade to Juniper ATP 5.0.3 and 5.0.4 releases and do some proactive credential/passphrase/key changing after the upgrade.
Two holes were plugged in the SRX Series networking firewalls, and both can result in attackers breaking encryption. The issues have been resolved in SRC 4.12.0-R1 and subsequent releases.