800pxjunipernetworksheadquarterssunnyvale100628117orig
Security

Juniper patches high-risk flaws in Junos OS

Juniper Networks has fixed several vulnerabilities in the Junos operating system used on its networking and security appliances, including a flaw that could allow hackers to gain administrative access to affected devices.

The most serious vulnerability, rated 9.8 out of 10 in the Common Vulnerability Scoring System, is located in the J-Web interface, which allows administrators to monitor, configure, troubleshoot and manage routers running Junos OS. The issue is an information leak that could allow unauthenticated users to gain admin privileges to the device.

The flaw was fixed in Junos OS 12.1X46-D45, 12.1X46-D46, 12.1X46-D51, 12.1X47-D35, 12.3R12, 12.3X48-D25, 13.3R10, 13.3R9-S1, 14.1R7, 14.1X53-D35, 14.2R6, 15.1A2, 15.1F4, 15.1X49-D30 and 15.1R3. A temporary workaround is to disable J-Web or to limit which IP addresses can access the interface.

The company also fixed several vulnerabilities that can lead to denial of service conditions. One of them can be used to crash the kernel of a Junos OS device with a 64-bit architecture by sending a specially crafted UDP packet destined to an interface IP address of the device itself.

Another kernel crash can be triggered with specially crafted ICMP packets sent to Junos OS devices configured with a GRE or IPIP tunnel. The attack requires knowledge of network-specific information.

High-End SRX-Series chassis, configured in either standalone or cluster mode, are susceptible to several denial-of-service conditions if the in-transit traffic matches one or more ALG (application layer gateway) rules.

Another Junos patch fixes a potential networking data leak -- mbuf leak -- when source and destination MAC addresses of Ethernet frames with the EtherType field of IPv6 (0x86DD) are flooded into the VPLS instance.

One interesting patch is for a crypto vulnerability that affects device-to-device communication protocols using IKE/IPsec public-key authentication. It turns out that Junos OS would accept a self-signed certificate as valid if the certificate's issuer name matched one of the valid certificate authority (CA) certificates enrolled in Junos.

Finally, one fix reverts a issue with SRX Series devices that were upgraded to Junos OS 12.1X46. If the devices was upgraded using the "request system software" command with the "partition" option the update might have failed and the devices might have been left in a safe mode authentication state that allows logging in as the root account with no password.

IDG Insider

PREVIOUS ARTICLE

« Nvidia's powerful Ansel screenshot tool and amusing VR Funhouse demo go live

NEXT ARTICLE

Maxthon MX5 review: Rough-and-ready browser offers paid features for free »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Training and certification for a cloud native world

Keri Allan looks at the latest trends and technologies

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Poll

Do you think your smartphone is making you a workaholic?