Juniper Networks has shipped fixes for critical bugs inherited from third-party software, as part of its first large batch of patches in 2023.
In an advisory, Juniper reveals that its Secure Analytics product inherits an Apache Commons Text bug, CVE-2022-42889.
The bug means that applications using a vulnerable version of Apache Commons Text may be susceptible to remote code execution (RCE).
“This issue affects Juniper Networks Security Threat Response Manager (STRM) versions prior to 7.5.0UP4 on JSA Series,” Juniper’s advisory said.
STRM 7.5.0UP4 and all subsequent releases use a patched version of Apache Commons Text.
In a separate advisory, Juniper said it has also updated the libexpat library used in its Junos OS operating system against 15 bugs, seven of which are rated critical (CVSS score of 9.8 in each case). The issue affects “all versions of Junos OS”, the advisory said.
The critical bugs include CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-25315, and CVE-2022-23852, all of which are integer overflows.
CVE-2022-25235 is an encoding validation error, and CVE-2022-25236 “allows attackers to insert namespace-separator characters into namespace URIs”.
Fixes have been shipped for all affected Junos OS release lines.