1. 主页
  2. 保安警报
  3. 保安警报 (A24-10-13)

保安警报 (A24-10-13): Juniper Networks 产品多个漏洞


 

发布日期: 2024年 10月 10日

  
  

描述:

Juniper Networks 发布了安全公告,以应对 Junos OS、Junos OS Evolved 及 Junos Space 的多个漏洞。有关漏洞的详细资料,请参阅供应商网站的相应安全公告。

 

受影响的系统:

  • Juniper Networks Junos OS
  • Juniper Networks Junos OS Evolved
  • Juniper Networks Junos Space

有关受影响系统的详细资料,请参阅供应商网站的相应安全公告。

 

影响:

成功利用漏洞可以在受影响的系统导致远端执行程式码、服务被拒绝、权限提升、泄漏资讯或绕过保安限制。

 

建议:

现已有适用于受影响系统的修补程式。受影响系统的系统管理员应遵从供应商的建议,立即採取行动以降低风险。

 

进一步资讯:

  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-message-containing-aggregator-attribute-with-an-ASN-value-of-zero-0-is-accepted-CVE-2024-47507
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-cRPD-Receipt-of-crafted-TCP-traffic-can-trigger-high-CPU-utilization-CVE-2024-39547
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BMP-scenario-receipt-of-a-malformed-AS-PATH-attribute-can-cause-an-RPD-core-CVE-2024-47499
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-BGP-packet-causes-RPD-crash-when-segment-routing-is-enabled-CVE-2024-39516
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-MX-Series-with-MPC10-MPC11-LC9600-MX304-EX9200-PTX-Series-Receipt-of-malformed-DHCP-packets-causes-interfaces-to-stop-processing-packets-CVE-2024-39526
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-path-attribute-leads-to-an-RPD-crash-CVE-2024-47491
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-nexthop-traceoptions-is-enabled-receipt-of-specially-crafted-BGP-packet-causes-RPD-crash-CVE-2024-39525
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-traceoptions-enabled-receipt-of-specially-crafted-BGP-update-causes-RPD-crash-CVE-2024-39515
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Due-to-a-race-condition-AgentD-process-causes-a-memory-corruption-and-FPC-reset-CVE-2024-47494
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Receipt-of-specific-transit-MPLS-packets-causes-resources-to-be-exhausted-CVE-2024-47490
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-Series-Receipt-of-specific-transit-protocol-packets-is-incorrectly-processed-by-the-RE-CVE-2024-47489
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Connections-to-the-network-and-broadcast-address-accepted-CVE-2024-39534
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-In-a-dual-RE-scenario-a-locally-authenticated-attacker-with-shell-privileges-can-take-over-the-device-CVE-2024-47495
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Low-privileged-local-user-able-to-view-NETCONF-traceoptions-files-CVE-2024-39544
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-c-ares-1-18-1
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-Configured-MAC-learning-and-move-limits-are-not-in-effect-CVE-2024-47498
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Specific-low-privileged-CLI-commands-and-SNMP-GET-requests-can-trigger-a-resource-leak
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-TCP-session-state-is-not-always-cleared-on-the-Routing-Engine-CVE-2024-47502
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-J-Web-Multiple-vulnerabilities-resolved-in-PHP-software
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-OSS-component-nginx-resolved
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-resolved-in-OpenSSL
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX-Series-The-PFE-will-crash-on-running-specific-command-CVE-2024-47496
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX304-MX-with-MPC10-11-LC9600-and-EX9200-with-EX9200-15C-In-a-VPLS-or-Junos-Fusion-scenario-specific-show-commands-cause-an-FPC-crash-CVE-2024-47501
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-A-large-amount-of-traffic-being-processed-by-ATP-Cloud-can-lead-to-a-PFE-crash-CVE-2024-47506
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-sensitive-information-on-file-system-CVE-2024-39527
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-QFX-Series-MX-Series-and-EX-Series-Receiving-specific-HTTPS-traffic-causes-resource-exhaustion-CVE-2024-47497
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX4600-and-SRX5000-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2024-47503
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5000-Series-Receipt-of-a-specific-malformed-packet-will-cause-a-flowd-crash-CVE-2024-47504
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5K-SRX4600-and-MX-Series-Trio-based-FPCs-Continuous-physical-interface-flaps-causes-local-FPC-to-crash-CVE-2024-47493
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-OS-command-injection-vulnerability-in-OpenSSH-CVE-2023-51385
  • https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-Remote-Command-Execution-RCE-vulnerability-in-web-application-CVE-2024-39563
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746 (to CVE-2016-0747)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741 (to CVE-2022-41742)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567 (to CVE-2023-0568)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823 (to CVE-2023-3824)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31124
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31147
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2511
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4741
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39515 (to CVE-2024-39516)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39525 (to CVE-2024-39527)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39534
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39544
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39547
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39563
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47489 (to CVE-2024-47491)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47493 (to CVE-2024-47499)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47501 (to CVE-2024-47504)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47506 (to CVE-2024-47507)


标签 : Juniper , Junos OS , Junos Space
标签