Juniper Networks released a long list of security updates including seven critical flaws, six of which affect all platforms running Junos OS.
The six critical issues CVE-2016-1549, CVE-2018-7170, CVE-2018-7182, CVE-2018-7184, CVE-2018-7185 and CVE-2018-7183 are for vulnerabilities in ntpd (NTP daemon) varying from allowing arbitrary code execution to denial of service attacks to take place if exploited.
The other critical issue addressed in the update, CVE-2018-0044, covers an insecure SSHD configuration in Juniper Device Manager and host OS on Juniper NFX Series devices that could allow remote unauthenticated access if any of the passwords on the system are empty and the affected SSHD configuration has the PermitEmptyPasswords option set to "yes".
Juniper noted the issue is only exploitable when there are user or system accounts with blank or empty passwords configured on JDM or host OS. There is no evidence that this vulnerability is being exploited in the wild.
In addition to the critical issues patched, Juniper had updates to repair 10 high-rate, and 11 medium-rated bugs.
Some of the higher profile high-rated problems included CVE-2018-0048, a memory exhaustion denial of service vulnerability in Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support and CVE-2018-0052 for Junos OS where an unauthenticated remote root access possible when RSH service is enabled.
Patches for these issues can be downloaded here.
