Key thing here is review: some of these flaws can be exploited to bring down equipment, or allow a rogue non-admin insider to take over a box. Some may not be directly exploitable but present in software within Juniper's products. So, review the risk, and update accordingly.in Junos Space, the vendor's network management software, which Juniper collectively rated"critical.
All of the other products' critical security updates note that Juniper is not aware of any malicious exploitation — but that notice is conspicuously absent from the Junos Space flaws and the vendor didn't respond toAccording to the bulletin, which collectively rated 31 Junos Space bugs as critical, the vulns affect several third-party products including nginx resolver, Oracle Java SE, OpenSSH, Samba, the RPM package manager, Kerberos, OpenSSL, the Linux kernel, curl, and MySQL Server.
One of these, tracked as CVE-2021-23017 in nginx resolver, received a CVSS severity score of 9.4 out of 10, and if exploited could allow an attacker to crash the entire system. It"might allow an attacker who is able to forge UDP packets from the DNS server to cause one-byte memory overwrite, resulting in worker process crash or potential other impact," Juniper warned.
While the vendor didn't provide details about the Policy Enforcer bugs, they received a 9.8 CVSS score, and there are"multiple" vulnerabilities in this product, according to the security bulletin. The flaws affect all versions of Junos Space Policy Enforcer prior to 22.1R1, and Juniper said it has fixed the issues.
The next group of critical vulnerabilities exist in third-party software used in the Contrail Networking product. In this securityUpgrading to release 21.4.0 fixes the Open Container Initiative-compliant Red Hat Universal Base Image container image from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8, the vendor explained in the alert.
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: BBCLondonNews - 🏆 115. / 51 Read more »
Source: TheRegister - 🏆 67. / 61 Read more »
Source: TheRegister - 🏆 67. / 61 Read more »
Source: TheRegister - 🏆 67. / 61 Read more »
Source: The Yorkshire Post - 🏆 39. / 66 Read more »
Source: TheSun - 🏆 64. / 61 Read more »