Juniper Networks yesterday issued 16 security advisories, announcing patches for multiple vulnerabilities found in its Junos OS, Junos Space and Contrail Service Orchestration (CSO) products, as well as the cURL library for Junos OS and ISC BIND software included with Junos for SRX Series devices.
Of the 12 bugs found in Junos OS, one was critical: a remote code execution vulnerability that can be exploited by malicious crafted BGP NOTIFICATION messages that cause the routing protocol daemon process to crash and restart. The flaw, designated CVE-2018-0037 and assigned a CVSS score of 9.8, affects certain versions of Junos OS 15.1, 15.1F5, 15.1F6, and 15.1F7. Juniper’s latest round of updates fixes this issue.
Altogether, Juniper remedied 23 bugs in Junos Space (one critical), six in CSO (three critical), 52 in the cURL library for Junos OS (one critical with a CVSS score of 10.0), and four in the ISC BIND software included with Junos for SRX Series devices.