高危保安警报 (A24-01-11): Juniper Networks Junos OS 及 Junos OS Evolved多个漏洞

描述:

Juniper Networks 发布了安全公告，以应对 Juniper Networks Junos OS 及 Junos OS Evolved 的多个漏洞。有关漏洞的详细资料，请参阅供应商网站的相应安全公告。

有报告指 Juniper EX Series 交换器及 SRX Series 防火墙的 Juniper Networks Junos OS 漏洞(CVE-2024-21591) 正处于被攻击的高风险。系统管理员应立即为受影响的系统安装修补程式，以减低受到网络攻击的风险。

受影响的系统:

• Juniper Networks Junos OS
• Juniper Networks Junos OS Evolved

有关受影响产品的详细资料，请参阅供应商网站的相应安全公告。

影响:

成功利用漏洞可以在受影响的系统导致远端执行程式码、服务被拒绝、权限提升、绕过保安限制或篡改。

建议:

现已有适用于受影响产品的修补程式。受影响系统的系统管理员应遵从产品供应商的建议，立即採取行动以降低风险。

进一步资讯:

• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606
• https://www.hkcert.org/tc/security-bulletin/juniper-junos-os-multiple-vulnerabilities_20240112
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36842
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21585
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21587
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21591
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21594 (to CVE-2024-21597)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21599 (to CVE-2024-21604)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21606 (to CVE-2024-21607)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21611 (to CVE-2024-21614)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21616 (to CVE-2024-21617)