Juniper Networks issued 11 security alerts, two critical, five high and four medium, for a large number of vulnerabilities across a several product lines.
The critical issues cover Steel Belted Radius Carrier Edition and Junos Space. The former product contains 21 CVEs and affects Steel Belted Radius Carrier Edition 8.4R14 on RHEL6 (32-bit), RHEL6 (64-bit), RHEL7, Sparc Solaris (32-bit), Sparc Solaris (64-bit) and 8.5R5 on RHEL6 (64-bit), RHEL7, Sparc Solaris (64-bit) and all subsequent releases, Juniper said. Patches and updates correcting the issues are available and there is no evidence of these issues being exploited.
Junos Space 19.2R1 and all subsequent releases are covered by 15 CVEs all of which have been mitigated with patches available here. The company also recommends that to reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users.
The five high-rated alerts are for Juniper Secure Analytics, Junos OS, Junos OS with J-Web enabled and SRX Series platforms running Junos OS. Some of the problems that can arise if the associated vulnerabilities are exploited include a denial of service situation, stack-base overflow, causing the local routing protocol daemon process to crash and restart and processor crash.
Links to the updates and patches for the high and medium patches can be found here.
