Juniper patches multiple vulnerabilities in Junos OS and other products (October 2021)

Juniper Networks has released security advisories to fix many vulnerabilities on Junos OS, PTX Series, QFX Series, SRX Series network devices and multiple other products.

An attacker could exploit these vulnerabilities and potentially take over impacted systems.

Listed below are the first 10 of the 44 advisories released October 13 to October 14, 2021 that impact multiple products below:

2021-10 Security Bulletin: Junos OS: MX Series: Receipt of specific packet on MS-MPC/MS-MIC causes line card reset (CVE-2021-31351)

2021-10 Security Bulletin: CTPView: HSTS not being enforced on CTPView server. (CVE-2021-0296)

2021-10 Security Bulletin: Junos OS Evolved: BGP and LDP sessions with TCP MD5 authentication established with peers not configured for authentication (CVE-2021-0297)

2021-10 Security Bulletin: Junos OS Evolved: PTX10003, PTX10008: picd core while executing the “show chassis pic” command under certain conditions (CVE-2021-0298)

2021-10 Security Bulletin: Junos OS: Kernel crash (vmcore) upon receipt of a malformed IPv6 packet (CVE-2021-0299)

2021-10 Security Bulletin: Junos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Toolkit (JET) (CVE-2021-31350)

2021-10 Security Bulletin: SRC Series: NETCONF over SSH allows negotiation of weak ciphers (CVE-2021-31352)

2021-10 Security Bulletin: Junos OS and Junos OS Evolved: RPD core upon receipt of specific BGP update (CVE-2021-31353)

2021-10 Security Bulletin: Junos OS and Junos OS Evolved: A vulnerability in the Juniper Agile License Client may allow an attacker to perform Remote Code Execution (RCE) (CVE-2021-31354)

2021-10 Security Bulletin: Junos OS: Stored Cross-Site Scripting (XSS) vulnerability in captive portal (CVE-2021-31355)

Juniper

Readers can check out the Juniper October security advisory for a full list of patches that impact Juniper products.

Related Articles