Juniper Networks has released 19 security advisories to fix many vulnerabilities on Junos OS and other products. The updates also address a Critical SRX “double free” flaw and multiple SRC Bouncy Castle vulnerabilities.
The Juniper security advisory 2020-07 is quite large and addresses vulnerabilities, such as Denial of Service or third party components, that date back multiple years.
Critical SRX double free vulnerability
One of the most notable and severe vulnerabilities is the Junos OS SRX Double free vulnerability. This issue could lead to Denial of Service (DoS) or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled (CVE-2020-1647).
The vulnerability impacts Juniper Networks SRX Series firewalls and should be high priority given it is rated Critical and CVSS score of 9.8.
SRC Bouncy Castle vulnerabilities
In addition, Juniper has addressed many Bouncy Castle vulnerabilities in the Session and Resource Control (SRC) software of the Bouncy Castle package.
Nearly 20 vulnerabilities that span 2007 to 2019 have been patched with version 1.62 upgrade on affected SRC software.
We counted at least three Critical vulnerabilities also fixed in the SRC Bouncy Castle patch: CVE-2018-1000613, CVE-2018-5382 and CVE-2007-6721.
Juniper rates this advisory a CVSS score of 7.3 or High severity.
Junos Space vulnerabilities
To add, Juniper also fixed many vulnerabilities in Junos Space and Junos Space Security Director 20.1R1. For many of these issues, Juniper updated third party software that was included in Junos Space and Junos Space Security Director.
Nearly two dozen Critical vulnerabilities were addressed in the Junos Space updates and too many to list here.
Juniper also rates this advisory a CVSS score of 9.8 or Critical severity.
Juniper also patched 18 Juniper Secure Analytics (JSA) vulnerabilities in third party software packets and other software components.
The issues have been resolved in JSA: 7.3.2 patch 7, 7.3.3 patch 3, 7.4.0, and all subsequent releases.
Juniper rates this advisory a CVSS score of 8.4 or High severity.
Other Junos OS vulnerabilities
Finally, Juniper patched many other vulnerabilities in Junos OS that affect multiple products.
One of those, a High severity Junos OS vulnerability CVE-2020-1640, could cause affected devices to crash.
“An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition,” Juniper explained.
In addition, the following Junos OS advisories were released:
- Junos OS: RPD crash when executing specific “show ospf interface” commands from the CLI with OSPF authentication configured (CVE-2020-1643)
- Junos OS and Junos OS Evolved: OpenSSL Security Advisory [20 Dec 2019]
- Junos OS: NFX150: Multiple vulnerabilities in BIOS firmware (INTEL-SA-00241)
- Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645)
- Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash. (CVE-2020-1641)
- Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644)
- Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution (CVE-2020-1654)
- Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information. (CVE-2020-1646)
- Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet (CVE-2020-1648)
- Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly (CVE-2020-1649)
- Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC (CVE-2020-1650)
- Junos OS: MX Series: PFE on the line card may crash due to memory leak. (CVE-2020-1651)
- Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak (CVE-2020-1653)
- Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655)
In conclusion, the latest Juniper updates should be highly prioritized, given the large number of vulnerabilities and Juniper products impacted.