高危保安警報 (A24-01-11): Juniper Networks Junos OS 及 Junos OS Evolved多個漏洞

描述:

Juniper Networks 發布了安全公告，以應對 Juniper Networks Junos OS 及 Junos OS Evolved 的多個漏洞。有關漏洞的詳細資料，請參閱供應商網站的相應安全公告。

有報告指 Juniper EX Series 交換器及 SRX Series 防火牆的 Juniper Networks Junos OS 漏洞(CVE-2024-21591) 正處於被攻擊的高風險。系統管理員應立即為受影響的系統安裝修補程式，以減低受到網絡攻擊的風險。

受影響的系統:

• Juniper Networks Junos OS
• Juniper Networks Junos OS Evolved

有關受影響產品的詳細資料，請參閱供應商網站的相應安全公告。

影響:

成功利用漏洞可以在受影響的系統導致遠端執行程式碼、服務被拒絕、權限提升、繞過保安限制或篡改。

建議:

現已有適用於受影響產品的修補程式。受影響系統的系統管理員應遵從產品供應商的建議，立即採取行動以降低風險。

進一步資訊:

• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601
• https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606
• https://www.hkcert.org/tc/security-bulletin/juniper-junos-os-multiple-vulnerabilities_20240112
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21699
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36842
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21585
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21587
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21591
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21594 (to CVE-2024-21597)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21599 (to CVE-2024-21604)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21606 (to CVE-2024-21607)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21611 (to CVE-2024-21614)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21616 (to CVE-2024-21617)