Companies using Juniper Networks equipment need to get busy, with a monster patch for its Junos Space network management system, plus three patches for its Junos OS operating system.
The company says "external research" turned up 550 vulnerabilities in Juniper Space, and the most severe of these are rated critical.
The patches cover both vulnerabilities in third party software included with Junos Space, and vulnerabilities in the network management system itself.
The oldest of the vulnerabilities dates from 2003 – it’s a bug in Apache that permitted remote attackers to read sensitive information.
The bugs have been fixed in all releases newer than Junos Space 21.1R1.
Of the three bugs discovered in Junos OS, two affect its SRX firewalls and are rated high severity.
CVE-2021-0246 is a bug in various SRX firewalls running the operating system, affecting units in multi-tenant environments.
It’s a network jailbreak condition, the company explained in its advisory: “devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider.”
The other high-rated bug is CVE-2021-0235, and also impacts firewalls deployed in a multi-tenant environment.
The advisory explains: “a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant.”
The bug was introduced in Junos OS versions 18.3R1 and later, and patches are now available.
Finally, there’s a high severity bug affecting various Juniper EX switches, CVE-2021-0271.
Attackers can send a crafted ARP packet to the switch, and exploit a double free vulnerability in the forwarding interface daemon.
This causes a denial of service for as long as the attacker sends crafted ARP packets to the target switch.