Network Security, Patch/Configuration Management, Vulnerability Management

Juniper Networks fixes 12 bugs in Junos OS, more in additional software

Bradley BarthJuly 13, 2018

Juniper Networks yesterday issued 16 security advisories, announcing patches for multiple vulnerabilities found in its Junos OS, Junos Space and Contrail Service Orchestration (CSO) products, as well as the cURL library for Junos OS and ISC BIND software included with Junos for SRX Series devices.

Of the 12 bugs found in Junos OS, one was critical: a remote code execution vulnerability that can be exploited by malicious crafted BGP NOTIFICATION messages that cause the routing protocol daemon process to crash and restart. The flaw, designated CVE-2018-0037 and assigned a CVSS score of 9.8, affects certain versions of Junos OS 15.1, 15.1F5, 15.1F6, and 15.1F7. Juniper's latest round of updates fixes this issue.

Altogether, Juniper remedied 23 bugs in Junos Space (one critical), six in CSO (three critical), 52 in the cURL library for Junos OS (one critical with a CVSS score of 10.0), and four in the ISC BIND software included with Junos for SRX Series devices.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

patch presented in the form of binary code

Network Security

Over 100 Juniper Networks flaws addressed

SC StaffApril 16, 2024

SecurityWeek reports that more than 100 security vulnerabilities affecting several Juniper Networks products have been patched as part of dozens of advisories issued by the firm last week.

A computer screen with Javascript is seen

Network Security

Attempted XZ Utils backdoor-like hijacking thwarted

SC StaffApril 16, 2024

Attempted hijacking attacks similar to the recent compromise of the XZ Utils data compression project have been averted by OpenJS Foundation researchers, according to The Record, a news site by cybersecurity firm Recorded Future.

Cloud Security

New Muddled Libra attacks set sights on cloud

SC StaffApril 16, 2024

Attacks by the Muddled Libra threat operation — also known as UNC3944, Scattered Spider, Scatter Swine, and Starfraud — have been redirected at cloud service providers and software-as-a-service apps as part of efforts to bolster its data extortion efforts, reports The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Juniper Networks fixes 12 bugs in Junos OS, more in additional software

Related

Over 100 Juniper Networks flaws addressed

Attempted XZ Utils backdoor-like hijacking thwarted

New Muddled Libra attacks set sights on cloud

Related Events

The Security Experts Next Door: Enterprise Defense on a Lean Budget

Network security: New tools for an aging art

Get daily email updates