Cybersecurity provider Juniper Networks released more than 40 security advisories to address more than 70 vulnerabilities that affect its solutions.
US CISA also issued a security advisory to warn organizations of the security updates released by Juniper Networks.
“Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system,” reads the advisory published by CISA. “CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.”
The flaws addressed by the company include remote code execution issues, privilege escalation, DoS vulnerabilities, and XSS.
The majority of the vulnerabilities affect Juniper’s Junos OS operating system. The most severe issues reside in the third-party components used by Contrail Insights and the Technology Session Smart Routers.

| CVE | CVSS | Summary |
| --- | --- | --- |
| CVE-2019-15605 | 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) | HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed |
| CVE-2019-15606 | 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) | Including trailing white space in HTTP header values in Node.js 10, 12, and 13 causes bypass of authorization based on header value comparisons |
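
The two header conditions named in the table, written as a defensive check over raw request header lines. This is an added example, not code from Juniper, Node.js or the advisories; the names `auditHeaderLines` and `headerEquals` and the sample lines are constructed for illustration, and the Transfer-Encoding check is deliberately strict (it does not accept coding parameters).

```javascript
// Added example: names and sample lines are constructed, not from the advisories.
const TOKEN = /^[!#$%&'*+.^_`|~0-9a-z-]+$/; // RFC 7230 token, lower-cased input

// Audit raw header lines ("Name: value") as captured before any parser trims them.
function auditHeaderLines(lines) {
  const findings = [];
  let sawCL = false, sawTE = false;
  for (const line of lines) {
    const colon = line.indexOf(':');
    const name = line.slice(0, Math.max(colon, 0)).toLowerCase();
    if (colon <= 0 || !TOKEN.test(name)) {
      findings.push({ issue: 'malformed-header-line', header: line });
      continue;
    }
    // Whitespace after the colon is ordinary; whitespace after the value is the
    // part a parser must also strip before the application compares it.
    const afterColon = line.slice(colon + 1).replace(/^[ \t]+/, '');
    const value = afterColon.replace(/[ \t]+$/, '');
    if (value !== afterColon) findings.push({ issue: 'trailing-whitespace', header: name });
    if (name === 'content-length') sawCL = true;
    if (name === 'transfer-encoding') {
      sawTE = true;
      const codings = value.toLowerCase().split(',').map((c) => c.trim());
      const ok = codings.every((c) => TOKEN.test(c)) && codings[codings.length - 1] === 'chunked';
      if (!ok) findings.push({ issue: 'malformed-transfer-encoding', header: name });
    }
  }
  // Two framing headers on one request leave the body length ambiguous.
  if (sawCL && sawTE) {
    findings.push({ issue: 'content-length-with-transfer-encoding', header: 'content-length' });
  }
  return findings;
}

// Compare a header value only after stripping optional whitespace on both sides.
function headerEquals(rawValue, expected) {
  return String(rawValue).replace(/^[ \t]+|[ \t]+$/g, '') === expected;
}

// Constructed sample request headers.
const SAMPLE = ['Host: example.test', 'X-Role: guest \t', 'Content-Length: 12', 'Transfer-Encoding: xchunked'];
console.log(auditHeaderLines(SAMPLE).map((f) => f.issue));
```
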
Juniper said that it is not aware of attacks in the wild exploiting any of the addressed vulnerabilities.