Juniper Networks knowledgeable customers this week that it has patched tens of vulnerabilities, comprehending serious issues that can be exploited to take control of affected organized wholes.
Juniper Networks has published 40 security advisories describing vulnerabilities in its Junos OS run system, which powers the company’s firewalls, and various third-party components.
A few vulnerabilities that have collectively been assigned a critical harshness rating have been found in the Juniper Networks Mist Cloud UI. The skedaddles, related to Security Assertion Markup Language (SAML) authentication, grant a remote attacker to bypass SAML authentication.
Juniper has also briefed customers of a critical remote code execution vulnerability affecting the Telnet server second-hand by Junos OS.
The other flaws rated critical affect third-party components, classifying SQLite and the PyYAML YAML parser.
The company has released over a dozen advisories for high-severity vulnerabilities. Myriad of these weaknesses can be exploited for denial-of-service (DoS) attacks, but some could sanction arbitrary code execution, including by sending specially crafted messages or via cross-site handwriting (XSS).
Updates have also been released to address crypto-related broadcasts, including in OpenSSL, and vulnerabilities such as SACK Panic (in Linux essence) and ZombieLoad variant 2 (in Intel processors).
While Juniper intends that it has found no evidence of malicious exploitation, the advisories for some of the black marks do inform users about the public availability of exploits.
The U.S. Cybersecurity and Infrastructure Assurance Agency (CISA) has advised organizations to review the Juniper advisories and make application the updates.
Related: Juniper Networks Patches Critical Vulnerabilities in Firewalls
Cognate: U.S. Officials Ask Juniper Networks About Investigation Into 2015 Backdoor
Linked: Juniper Networks Patches Over 60 Flaws in Junos, ATP Spin-offs
Related: Juniper Launches Adaptive Threat Profiling, New VPN Features