Networking tools producer Juniper Networks on Thursday introduced patches for greater than 30 vulnerabilities in Junos OS and Junos OS Developed, together with 9 high-severity flaws.
Essentially the most extreme of those points is an incorrect default permissions bug that enables an unauthenticated attacker with native entry to a susceptible machine to create a backdoor with root privileges.
Tracked as CVE-2023-44194 (CVSS rating of 8.4), the flaw exists as a result of a sure system listing has improper permissions related to it.
Juniper’s patches additionally tackle six high-severity vulnerabilities in Junos OS and Junos OS Developed that might result in denial of service (DoS). 5 of those could be exploited remotely, with out authentication.
Impacting each Junos OS and Junos OS Developed, the remaining two high-severity points could be exploited to impression the steadiness of units and the confidentiality and integrity of machine operations, respectively.
All of the remaining flaws resolved with this week’s Junos OS and Junos OS Developed updates are medium-severity vulnerabilities that might result in DoS circumstances, bypass of meant entry restrictions, impression on the integrity of programs or related networks, impression on system availability, credentials leak, configuration modifications leak, DMA reminiscence leak, or the inaccurate forwarding of MAC addresses.
Moreover, Juniper launched patches for a collection of medium-severity vulnerabilities in third-party software program used inside Junos OS and Junos OS Developed, together with NTP vulnerabilities and cryptographic algorithm points.
The networking merchandise maker has launched software program updates that tackle these vulnerabilities for Junos OS and Junos OS Developed variations 20.4, 21.1, 21.2, 21.3, 21.4, 22.1, 22.2, 22.3, 22.4, 23.1, 23.2, and 23.3.
Juniper Networks says it’s not conscious of any of those vulnerabilities being exploited in malicious assaults.
Customers are suggested to use the out there patches as quickly as doable, provided that vulnerabilities in networking merchandise, together with Juniper units, are recognized to have been exploited within the wild.
Further info could be discovered on Juniper’s help portal.
