Network Security, Patch/Configuration Management, Vulnerability Management

Juniper Networks fixes 12 bugs in Junos OS, more in additional software

Juniper Networks yesterday issued 16 security advisories, announcing patches for multiple vulnerabilities found in its Junos OS, Junos Space and Contrail Service Orchestration (CSO) products, as well as the cURL library for Junos OS and ISC BIND software included with Junos for SRX Series devices.

Of the 12 bugs found in Junos OS, one was critical: a remote code execution vulnerability that can be exploited by malicious crafted BGP NOTIFICATION messages that cause the routing protocol daemon process to crash and restart. The flaw, designated CVE-2018-0037 and assigned a CVSS score of 9.8, affects certain versions of Junos OS 15.1, 15.1F5, 15.1F6, and 15.1F7. Juniper's latest round of updates fixes this issue.

Altogether, Juniper remedied 23 bugs in Junos Space (one critical), six in CSO (three critical), 52 in the cURL library for Junos OS (one critical with a CVSS score of 10.0), and four in the ISC BIND software included with Junos for SRX Series devices.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.