Juniper: 28 vulnerability notices published

Juniper addresses vulnerabilities in the appliances and their operating systems in 28 security bulletins.

Juniper Networks issued a total of 28 security bulletins on Wednesday this week. The manufacturer addresses vulnerabilities in various appliances and operating systems – up to the severity level “critical.”

IT managers should check whether they use the vulnerable devices and associated software, and apply the provided updates promptly. The vulnerabilities and their effects cover a broad spectrum: attackers can, for example, inject and execute malicious code, escalate their privileges, launch denial-of-service attacks, bypass security measures, or read and even manipulate data without authorization.

Juniper's search provides an overview of the developers' latest security notifications. At the time of reporting, the 28 most recent entries date from Wednesday of this week. The affected systems include Junos OS, Junos OS Evolved, the ACX, MX and SRX series, and Juniper Apstra.

In the Juniper Networks Security Director, unauthenticated attackers can access or manipulate sensitive resources from the network via the web interface. “Numerous API endpoints of Juniper Security Director appliances do not verify authentication and provide callers with information outside their authorization level. The information obtained can be used to gain access to additional information or perform other attacks that affect devices managed by the appliance,” Juniper explains in the security advisory (CVE-2025-52950 / no EUVD, CVSS 9.6, risk “critical”).

Attackers positioned between the RADIUS client and server of Junos OS and Junos OS Evolved can bypass authentication. The cause is insufficient verification of an integrity check value and insufficient enforcement of message integrity on a communication channel, Juniper's developers explain (CVE-2024-3596 / EUVD-2024-32175, CVSS 9.0, risk “critical”).
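As an added illustration (not code from Juniper or from this article), the following sketch shows what strict client-side verification of a RADIUS response looks like: it checks the Response Authenticator and, in strict mode, rejects any response that lacks a valid Message-Authenticator attribute. The packet layout follows RFC 2865 and RFC 3579; the function names, the shared secret and the sample packets are assumptions constructed for this example.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 3579)

def parse_attrs(packet):
    """Return ([(type, value_offset, value_len)], packet_length); ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("short packet")
    end = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= end <= len(packet):
        raise ValueError("bad length field")
    out, pos = [], 20
    while pos < end:
        if pos + 2 > end or packet[pos + 1] < 2 or pos + packet[pos + 1] > end:
            raise ValueError("malformed attribute")
        out.append((packet[pos], pos + 2, packet[pos + 1] - 2))
        pos += packet[pos + 1]
    return out, end

def verify_response(packet, request_auth, secret, require_msg_auth=True):
    """True only if Response Authenticator and Message-Authenticator both check out."""
    try:
        attrs, end = parse_attrs(packet)
    except ValueError:
        return False
    packet = packet[:end]
    # Response Authenticator = MD5(code|id|length|RequestAuth|attributes|secret)
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return False
    found = [(off, n) for t, off, n in attrs if t == MSG_AUTH]
    if not found:
        return not require_msg_auth  # strict mode rejects unprotected responses
    if len(found) != 1 or found[0][1] != 16:
        return False
    off = found[0][0]
    # HMAC-MD5 over the packet with RequestAuth in the header and the MAC field zeroed
    zeroed = packet[:4] + request_auth + packet[20:off] + bytes(16) + packet[off + 16:]
    return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(),
                               packet[off:off + 16])

def build_response(code, ident, request_auth, secret, attrs=b"", msg_auth=True):
    """Constructed sample data: assemble a response as a well-behaved server would."""
    body = (bytes([MSG_AUTH, 18]) + bytes(16) if msg_auth else b"") + attrs
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    if msg_auth:
        mac = hmac.new(secret, head + request_auth + body, hashlib.md5).digest()
        body = bytes([MSG_AUTH, 18]) + mac + attrs
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body
```

With `require_msg_auth=False` the function falls back to checking only the Response Authenticator, which makes the difference between lenient and enforced message integrity visible on the same packet.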

Most of the other vulnerabilities are rated high risk, though many are rated only medium. Admins can find information on the affected devices and the individual vulnerabilities directly in the Juniper overview.

Juniper last distributed numerous security updates in April. That round also came with numerous vulnerability notifications, 22 in total.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.