Juniper Networks patched a large number of critical vulnerabilities in various networking and controller solutions.
The most important patches apply to the Junos Space, Contrail Networking and NorthStar Controller solutions. The US cybersecurity agency CISA has labelled these as critical. Some of the vulnerabilities make it possible to disable or hijack networking equipment without permission.
Junos Space, Contrail Networking and NorthStar Controller
Junos Space, Juniper’s network management software, contains some of the most critical vulnerabilities. There are 31 issues in total. These also affect third-party components, such as the nginx resolver, Oracle Java SE, OpenSSH, Samba, the RPM package manager, Kerberos, OpenSSL, MySQL Server and the Linux kernel.
CVE-2021-23017 in the nginx resolver allows hackers to crash entire systems. The vulnerability lets hackers who can forge UDP packets from the DNS server trigger a 1-byte memory overwrite and crash processes. A simple upgrade from nginx 1.18.0 to 1.20.1 solves the problem.
More than 100 vulnerabilities were found in Juniper Contrail Networking. Some date back to 2013. Juniper also released a patch for a bug that allows remote code execution in NorthStar Controller.
In addition to the critical vulnerabilities, Juniper fixed several smaller bugs in Junos OS, Secure Analytics, Identity Management Service, Paragon Active Assurance and Contrail Networking.