Juniper Networks issues critical patches – Security

Juniper Networks has shipped fixes for critical bugs inherited from third-party software, as part of its first large batch of patches in 2023.

In an advisory, Juniper reveals that its Secure Analytics product inherits an Apache Commons Text bug, CVE-2022-42889.

The bug means that applications using a vulnerable version of Apache Commons Text could be vulnerable to remote code execution (RCE).

“This issue affects Juniper Networks Security Threat Response Manager (STRM) versions prior to 7.5.0UP4 on JSA Series,” Juniper’s advisory stated.

STRM 7.5.0UP4 and all subsequent releases use a patched version of Apache Commons Text.

In a separate advisory, Juniper said it has also updated the libexpat library it uses in its Junos OS operating system against 15 bugs, seven of which are rated critical (CVSS score of 9.8 in each case). The issue affects “all versions of Junos OS”, the advisory said.

The critical bugs include CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-25315, and CVE-2022-23852, all of which are integer overflows.

CVE-2022-25235 is an encoding validation error, and CVE-2022-25236 “allows attackers to insert namespace-separator characters into namespace URIs”.

Fixes have been shipped for all affected Junos OS build series.
