描述:
Juniper Networks 发布了安全公告,以应对 Junos OS 及 Junos OS Evolved 的多个漏洞。有关漏洞的详细资料,请参阅供应商网站的相应安全公告。
受影响的系统:
- Juniper Networks Junos OS
- Juniper Networks Junos OS Evolved
有关受影响系统的详细资料,请参阅供应商网站的相应安全公告。
影响:
成功利用漏洞可以在受影响的系统导致远端执行程式码、服务被拒绝、权限提升、泄漏资讯或绕过保安限制。
建议:
现已有适用于受影响系统的修补程式。受影响系统的系统管理员应遵从供应商的建议,立即採取行动以降低风险。
进一步资讯:
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Confidential-information-in-logs-can-be-accessed-by-another-user-CVE-2024-39532
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Flaps-of-BFD-sessions-with-authentication-cause-a-ppmd-memory-leak-CVE-2024-39536
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Inconsistent-information-in-the-TE-database-can-lead-to-an-rpd-crash-CVE-2024-39541
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Loading-a-malicious-certificate-from-the-CLI-may-result-in-a-stack-based-overflow-CVE-2024-39556
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-UPDATE-causes-RPD-crash-CVE-2024-39552
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Memory-leak-due-to-RSVP-neighbor-persistent-error-leading-to-kernel-crash-CVE-2024-39560
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-net-SNMP-5-9-4
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-PIM-packet-causes-rpd-crash-when-PIM-is-configured-along-with-MoFRR-CVE-2024-39558
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receiving-specific-traffic-on-devices-with-EVPN-VPWS-with-IGMP-snooping-enabled-will-cause-the-rpd-to-crash-CVE-2024-39514
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crashes-upon-concurrent-deletion-of-a-routing-instance-and-receipt-of-an-SNMP-request-CVE-2024-39528
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Upon-processing-specific-L2-traffic-rpd-can-hang-in-devices-with-EVPN-VXLAN-configured-CVE-2024-39517
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-SSH-connections-causes-a-Denial-of-Service-CVE-2024-39562
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Multicast-traffic-is-looped-in-a-multihoming-EVPN-MPLS-scenario-CVE-2024-39519
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Ports-which-have-been-inadvertently-exposed-can-be-reached-over-the-network-CVE-2024-39537
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-multicast-traffic-with-a-specific-S-G-is-received-evo-pfemand-crashes-CVE-2024-39538
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-specific-traffic-is-received-in-a-VPLS-scenario-evo-pfemand-crashes-CVE-2024-39535
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-MAC-table-changes-cause-a-memory-leak-CVE-2024-39557
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Multiple-CLI-parameter-processing-issues-allowing-privilege-escalation-resolved
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL-3-0-12
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-a-specific-TCP-packet-may-result-in-a-system-crash-vmcore-on-dual-RE-systems-with-NSR-enabled-CVE-2024-39559
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-arbitrary-data-when-sampling-service-is-enabled-leads-to-partial-Denial-of-Service-DoS-CVE-2024-39553
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specific-packets-in-the-aftmand-process-will-lead-to-a-memory-leak-CVE-2024-39548
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-User-is-not-logged-out-when-the-console-cable-is-disconnected-CVE-2024-39512
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-Continuous-subscriber-logins-will-lead-to-a-memory-leak-and-eventually-an-FPC-crash-CVE-2024-39539
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-line-card-Port-flaps-causes-rtlogd-memory-leak-leading-to-Denial-of-Service-CVE-2024-39550
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4600-Series-Output-firewall-filter-is-not-applied-if-certain-match-criteria-are-used-CVE-2024-39533
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-NFX350-When-VPN-tunnels-parameters-are-not-matching-the-iked-process-will-crash-CVE-2024-39545
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529
- https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX4600-SRX5000-Series-TCP-packets-with-SYN-FIN-or-SYN-RST-are-transferred-after-enabling-no-syn-check-with-Express-Path-CVE-2024-39561
- https://www.hkcert.org/tc/security-bulletin/juniper-junos-os-multiple-vulnerabilities_20240712
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6151
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2285
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2310
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5621
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8100
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18065
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20892
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15861 (to CVE-2020-15862)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215 (to CVE-2023-0217)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465 (to CVE-2023-0466)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1255
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2975
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4807
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5363
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39512 (to CVE-2024-39514)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39517 (to CVE-2024-39524)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39528 (to CVE-2024-39533)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39535 (to CVE-2024-39543)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39545 (to CVE-2024-39546)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39548
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39550 (to CVE-2024-39553)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39555 (to CVE-2024-39562)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39565