Juniper Networks this week issued 27 software security advisories covering 84 product vulnerabilities, 31 of them critical.
All of the critical flaws were listed in a single security advisory that detailed 53 vulnerabilities in Juniper's Contrail Networking cloud network automation product. Two of the bugs were assigned the maximum CVSS base score of 10.0: a path traversal vulnerability that “allows copying and overwriting files outside of the specified destination in the local ansible controller host” (CVE-2019-3828) and a vulnerability that could enable remote attackers to conduct server-side request forgery attacks (CVE-2018-14721). Juniper resolved the various flaws in release version 1910.
A number of other products had vulnerabilities patched as well, including Junos OS, NFX Series, CTPView and CTP Series, SBR Carrier and SRX5000 Series.