April 16, 2023

Juniper Patches Critical Third-Party Vulnerabilities

Juniper Networks has issued security advisories to address vulnerabilities in JunosOS, Paragon Active Assurance (PAA), and Juniper Secure Analytics (JSA) Series.

Some of these vulnerabilities could allow an attacker to gain control over a vulnerable system.

The Critical Advisories

• JunosOS, (Critical) – Multiple critical-severity vulnerabilities in Expat (libexpat), a third-party stream-oriented XML parser library.
  Successful exploitation could allow a low-privileged local attacker to modify files or execute commands with root privileges, or execute administrative commands.
• Junos Space Advisory, (Critical) – A critical vulnerability in Apache Commons Text (CVE-2022-42889).
  Successful exploitation could allow to malicious actor to perform remote code execution.

Affected Products

• Junos OS: A variety of versions, a full list can be found in the advisory.
• Security Threat Response Manager (STRM): All versions prior to 7.5.0UP4 on JSA Series.
• Paragon Active Assurance: All versions prior to 4.1.2.

Mitigation

CYREBRO recommends Juniper customers to update to the most recent version of the affected products.

References: Juniper Advisory