Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.1271
Security updates for Junos OS & Junos OS Evolved
9 April 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Junos OS
Junos OS Evolved
Publisher: Juniper Networks
Operating System: Network Appliance
Impact/Access: Root Compromise -- Remote/Unauthenticated
Increased Privileges -- Existing Account
Denial of Service -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-1634 CVE-2020-1632 CVE-2020-1630
CVE-2020-1625 CVE-2020-1624 CVE-2020-1623
CVE-2020-1622 CVE-2020-1621 CVE-2020-1620
CVE-2020-1619 CVE-2020-1618 CVE-2020-1617
CVE-2020-1615 CVE-2020-1613 CVE-2018-6918
CVE-2018-6916 CVE-2016-1286 CVE-2016-1285
Reference: ASB-2017.0219
ASB-2017.0208
ESB-2020.1110
ESB-2019.1981
ESB-2018.1023
ESB-2018.0678
Original Bulletin:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11001
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11002
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11003
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11004
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10994
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10996
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10998
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11000
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11010
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11013
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11014
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11016
Comment: This bulletin contains twelve (12) Juniper Networks security
advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
2020-04 Security Bulletin: Junos OS: EX and QFX Series: Console port
authentication bypass vulnerability (CVE-2020-1618)
Article ID: JSA11001 SECURITY_ADVISORIES Last Updated: 08 Apr 2020Version: 1.0
Product Affected:
This issue affects Junos OS 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3,
17.4, 18.1, 18.2, 18.3. Affected platforms: EX and QFX Series.
Problem:
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability
may allow a user connected to the console port to login as root without any
password.
This issue might only occur in certain scenarios:
o At the first reboot after performing device factory reset using the command
"request system zeroize"; or
o A temporary moment during the first reboot after the software upgrade when
the device configured in Virtual Chassis mode.
This issue affects Juniper Networks Junos OS on EX and QFX Series:
14.1X53 versions prior to 14.1X53-D53;
15.1 versions prior to 15.1R7-S4;
15.1X53 versions prior to 15.1X53-D593;
16.1 versions prior to 16.1R7-S4;
17.1 versions prior to 17.1R2-S11, 17.1R3-S1;
17.2 versions prior to 17.2R3-S3;
17.3 versions prior to 17.3R2-S5, 17.3R3-S6;
17.4 versions prior to 17.4R2-S9, 17.4R3;
18.1 versions prior to 18.1R3-S8;
18.2 versions prior to 18.2R2;
18.3 versions prior to 18.3R1-S7, 18.3R2.
This issue does not affect Juniper Networks Junos OS 12.3.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was found during internal product security testing or research.
This issue has been assigned CVE-2020-1618.
Solution:
The following software releases have been updated to resolve this specific
issue: 14.1X53-D53, 15.1X53-D593, 15.1R7-S4, 16.1R7-S4, 17.1R2-S11, 17.1R3-S1,
17.2R3-S3, 17.3R2-S5, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R2,
18.3R1-S7, 18.3R2, 18.4R1, and all subsequent releases.
This issue is being tracked as 1378429 and 1368940.
Workaround:
Limit physical access to the console port only to trusted administrators.
Implementation:
Software Releases, patches and updates are available at https://www.juniper.net
/support/downloads/.
Modification History:
2020-04-08: Initial publication
CVSS Score:
6.3 (CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Severity Level:
Medium
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Related Links
o KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin
Publication Process
o KB16765: In which releases are vulnerabilities fixed?
o KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
Advisories
o Report a Security Vulnerability - How to Contact the Juniper Networks
Security Incident Response Team
o CVE-2019-0071 at cve.mitre.org
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS: QFX10K Series, EX9200 Series, MX Series,
PTX Series: Privilege escalation vulnerability in NG-RE. (CVE-2020-1619)
Article ID: JSA11002 SECURITY_ADVISORIES Last Updated: 08 Apr 2020Version: 2.0
Product Affected:
This issue affects Junos OS 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2,
18.2X75, 18.3, 18.4. Affected platforms: EX9200 Series, MX Series, PTX Series,
QFX10K Series.
Problem:
A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200
Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE),
allows a local authenticated high privileged user to access the underlying WRL
host.
This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX
Series with NG-RE and PTX Series with NG-RE; which uses vmhost.
This issue affects Juniper Networks Junos OS:
16.1 versions prior to 16.1R7-S6;
16.2 versions prior to 16.2R2-S11;
17.1 versions prior to 17.1R2-S11, 17.1R3;
17.2 versions prior to 17.2R1-S9, 17.2R3-S3;
17.3 versions prior to 17.3R2-S5, 17.3R3-S7;
17.4 versions prior to 17.4R2-S7, 17.4R3;
18.1 versions prior to 18.1R3-S4;
18.2 versions prior to 18.2R3;
18.2X75 versions prior to 18.2X75-D50;
18.3 versions prior to 18.3R2;
18.4 versions prior to 18.4R2.
To identify whether the device has NG-RE with vmhost, customer can run the
following command:
> show vmhost status
Compute cluster: rainier-re-cc
Compute Node: rainier-re-cn, Online
If the "show vmhost status" is not supported, then the device does not have
NG-RE with vmhost.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was found during internal product security testing or research.
This issue has been assigned CVE-2020-1619.
Solution:
The following software releases have been updated to resolve this specific
issue: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.2R1-S9, 17.2R3-S3,
17.3R2-S5, 17.3R3-S7, 17.4R2-S7, 17.4R3, 18.1R3-S4, 18.2R3, 18.2X75-D50,
18.3R2, 18.4R2, 19.1R1 and all subsequent releases.
This issue is being tracked as 1398331.
Workaround:
There are no available workarounds for this issue.
Implementation:
Software Releases, patches and updates are available at https://www.juniper.net
/support/downloads/.
Modification History:
2020-04-08: Initial publication
CVSS Score:
6.0 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
Severity Level:
Medium
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Related Links
o KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin
Publication Process
o KB16765: In which releases are vulnerabilities fixed?
o KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
Advisories
o Report a Security Vulnerability - How to Contact the Juniper Networks
Security Incident Response Team
o CVE-2020-1619 at cve.mitre.org
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS Evolved: Local log files accessible from
the shell may leak sensitive information
Article ID: JSA11003 SECURITY_ADVISORIES Last Updated: 08 Apr 2020Version: 1.0
Product Affected:
This issue affects Junos OS Evolved.
Problem:
Multiple information disclosure vulnerabilities in Juniper Networks Junos OS
Evolved allow a local, authenticated user with shell access the ability to view
sensitive configuration information, such as the hashed values of login
passwords and shared secrets. The information provided is similar to the output
from 'show config system login', which is typically restricted to the
super-user class. The log files are readable by any authenticated user with
shell access.
One or more of these issues affect all versions of Junos OS Evolved prior to
19.3R1.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was found during internal product security testing or research.
The issues addressed in this advisory include:
CVE CVSS Summary
5.5 (CVSS:3.1/AV:L/ A local, authenticated user with shell can
CVE-2020-1620 AC:L/PR:L/UI:N/S:U/ obtain the hashed values of login passwords
C:H/I:N/A:N) via configd streamer log.
5.5 (CVSS:3.1/AV:L/ A local, authenticated user with shell can
CVE-2020-1621 AC:L/PR:L/UI:N/S:U/ obtain the hashed values of login passwords
C:H/I:N/A:N) via configd traces.
5.5 (CVSS:3.1/AV:L/ A local, authenticated user with shell can
CVE-2020-1622 AC:L/PR:L/UI:N/S:U/ obtain the hashed values of login passwords
C:H/I:N/A:N) and shared secrets via the EvoSharedObjStore.
5.5 (CVSS:3.1/AV:L/ A local, authenticated user with shell can
CVE-2020-1623 AC:L/PR:L/UI:N/S:U/ view sensitive configuration information via
C:H/I:N/A:N) the ev.ops configuration file.
A local, authenticated user with shell can
5.5 (CVSS:3.1/AV:L/ obtain the hashed values of login passwords
CVE-2020-1624 AC:L/PR:L/UI:N/S:U/ and shared secrets via raw objmon
C:H/I:N/A:N) configuration files.
Solution:
The following software releases have been updated to resolve these specific
issues: 19.3R1-EVO and all subsequent releases.
This issue is being tracked as 1406193, 1406189, 1406195, 1406191 and 1406239.
Workaround:
o Disallow unprivileged authenticated users access to Junos shell.
o Limit access to the Junos OS shell to only trusted system administrators.
Implementation:
How to obtain fixed software:
Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security
Advisory and Security Notices will indicate which Maintenance and Service
Releases contain fixes for the issues described. Upon request to JTAC,
customers will be provided download instructions for a Service Release.
Although Juniper does not provide formal Release Note documentation for a
Service Release, a list of "PRs fixed" can be provided on request.
Modification History:
2020-04-08: Initial publication
CVSS Score:
5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Severity Level:
Medium
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Related Links
o KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin
Publication Process
o KB16765: In which releases are vulnerabilities fixed?
o KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
Advisories
o Report a Vulnerability - How to Contact the Juniper Networks Security
Incident Response Team
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS: Kernel memory leak in virtual-memory due
to interface flaps (CVE-2020-1625)
Article ID: JSA11004 SECURITY_ADVISORIES Last Updated: 08 Apr 2020Version: 2.0
Product Affected:
This issue affects Junos OS 16.1, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2,
18.2X75, 18.3, 18.4, 19.1, 19.2.
Problem:
The kernel memory usage represented as "temp" via 'show system virtual-memory'
may constantly increase when Integrated Routing and Bridging (IRB) is
configured with multiple underlay physical interfaces, and one interface flaps.
This memory leak can affect running daemons (processes), leading to an extended
Denial of Service (DoS) condition.
Usage of "temp" virtual memory, shown here by a constantly increasing value of
outstanding Requests, can be monitored by executing the 'show system
virtual-memory' command as shown below:
user@junos> show system virtual-memory |match "fpc|type|temp"
fpc0:
- --------------------------------------------------------------------------
Type InUse MemUse HighUse Requests Size(s)
temp 2023 431K - 10551
16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608
fpc1:
- --------------------------------------------------------------------------
Type InUse MemUse HighUse Requests Size(s)
temp 2020 431K - 6460
16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608
user@junos> show system virtual-memory |match "fpc|type|temp"
fpc0:
- --------------------------------------------------------------------------
Type InUse MemUse HighUse Requests Size(s)
temp 2023 431K - 16101
16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608
fpc1:
- --------------------------------------------------------------------------
Type InUse MemUse HighUse Requests Size(s)
temp 2020 431K - 6665
16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608
user@junos> show system virtual-memory |match "fpc|type|temp"
fpc0:
- --------------------------------------------------------------------------
Type InUse MemUse HighUse Requests Size(s)
temp 2023 431K - 21867
16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608
fpc1:
- --------------------------------------------------------------------------
Type InUse MemUse HighUse Requests Size(s)
temp 2020 431K - 6858
16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608
This issue affects Juniper Networks Junos OS:
o 16.1 versions prior to 16.1R7-S6;
o 17.1 versions prior to 17.1R2-S11, 17.1R3-S1;
o 17.2 versions prior to 17.2R2-S8, 17.2R3-S3;
o 17.2X75 versions prior to 17.2X75-D44;
o 17.3 versions prior to 17.3R2-S5, 17.3R3-S6;
o 17.4 versions prior to 17.4R2-S5, 17.4R3;
o 18.1 versions prior to 18.1R3-S7;
o 18.2 versions prior to 18.2R2-S5, 18.2R3;
o 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420,
18.2X75-D60;
o 18.3 versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3;
o 18.4 versions prior to 18.4R2-S2, 18.4R3;
o 19.1 versions prior to 19.1R1-S3, 19.1R2;
o 19.2 versions prior to 19.2R1-S3, 19.2R2.
This issue does not affect Juniper Networks Junos OS 12.3 nor 15.1.
Minimum configuration required:
set interfaces irb
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was seen during production usage.
This issue has been assigned CVE-2020-1625.
Solution:
The following software releases have been updated to resolve this specific
issue: 16.1R7-S6, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.2X75-D44,
17.3R2-S5, 17.3R3-S6, 17.4R2-S5, 17.4R3, 18.1R3-S7, 18.2R2-S5, 18.2R3,
18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60, 18.3R1-S5, 18.3R2-S3,
18.3R3, 18.4R2-S2, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2, 19.3R1, and
all subsequent releases.
This issue is being tracked as 1407000.
Workaround:
There are no viable workarounds for this issue.
Implementation:
How to obtain fixed software:
Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security
Advisory and Security Notices will indicate which Maintenance and Service
Releases contain fixes for the issues described. Upon request to JTAC,
customers will be provided download instructions for a Service Release.
Although Juniper does not provide formal Release Note documentation for a
Service Release, a list of "PRs fixed" can be provided on request.
Modification History:
2020-04-08: Initial publication
CVSS Score:
6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Severity Level:
Medium
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Related Links
o KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin
Publication Process
o KB16765: In which releases are vulnerabilities fixed?
o KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
Advisories
o Report a Vulnerability - How to Contact the Juniper Networks Security
Incident Response Team
o CVE-2020-1625: Junos OS: Kernel memory leak in virtual-memory due to
interface flaps
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS: SRX Branch Series and vSRX Series: Multiple vulnerabilities in ISC BIND named.
Article ID : JSA10994
Last Updated: 08 Apr 2020
Version : 4.0
Product Affected:
These issues affect Junos OS 12.1X46, 12.3X48, 15.1X49, 17.3, 17.4, 18.1, 18.2,
18.3, 18.4, 19.1. Affected platforms: SRX Branch Series, vSRX Series.
Problem:
These issues are only applicable to SRX Branch Series and vSRX Series with DNS
Proxy server enabled.
These issues affect:
Juniper Networks Junos OS
12.1X46 versions prior to 12.1X46-D86 on SRX Branch Series, vSRX Series;
12.3X48 versions prior to 12.3X48-D80 on SRX Branch Series, vSRX Series;
15.1X49 versions prior to 15.1X49-D180 on SRX Branch Series, vSRX Series;
17.3 versions prior to 17.3R3-S7 on SRX Branch Series, vSRX Series;
17.4 versions prior to 17.4R3 on SRX Branch Series, vSRX Series;
18.1 versions prior to 18.1R3-S9 on SRX Branch Series, vSRX Series;
18.2 versions prior to 18.2R3 on SRX Branch Series, vSRX Series;
18.3 versions prior to 18.3R2 on SRX Branch Series, vSRX Series;
18.4 versions prior to 18.4R1-S6, 18.4R2 on SRX Branch Series, vSRX Series;
19.1 versions prior to 19.1R1 on SRX Branch Series, vSRX Series.
The following minimal configuration is required:
[system services dns dns-proxy]
Juniper SIRT is not aware of any malicious exploitation of these
vulnerabilities.
These issues were discovered during an external security research.
ISC BIND software included with Junos OS on SRX Branch Series and vSRX devices
has been upgraded to resolve the following vulnerabilities:
CVE CVSS Summary
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x
6.8 ( CVSS:3.0 before 9.10.3-P4 does not properly handle DNAME
/AV:N/AC:H/ records when parsing fetch reply messages, which
CVE-2016-1285 PR:N/UI:N/S:C/ allows remote attackers to cause a denial of
C:N/I:N/A:H ) service (assertion failure and daemon exit) via a
malformed packet to the rndc (aka control channel)
interface, related to alist.c and sexpr.c.
8.6 ( CVSS:3.0 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x
/AV:N/AC:L/ before 9.10.3-P4 allows remote attackers to cause
CVE-2016-1286 PR:N/UI:N/S:C/ a denial of service (assertion failure and daemon
C:N/I:N/A:H ) exit) via a crafted signature record for a DNAME
record, related to db.c and resolver.c.
Solution:
The following software releases have been updated to resolve these specific
issues: 12.1X46-D86, 12.3X48-D80, 15.1X49-D180, 17.3R3-S7, 17.4R3, 18.1R3-S9,
18.2R3, 18.2X75-D12, 18.2X75-D51, 18.2X75-D60, 18.3R2, 18.4R1-S6, 18.4R2,
19.1R1, and all subsequent releases.
These issues are being tracked as 1168322 .
Workaround:
There are no viable workarounds for these issues.
To reduce the impact of exploitation, we suggest customers split primary and
secondary DNS looksups and assignments between the local Proxy DNS service and
centralized/remote DNS servers.
Modification History:
2020-04-08: Initial publication
CVSS Score:
5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Severity Level:
Medium
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS: BGP session termination upon receipt of specific BGP FlowSpec advertisement. (CVE-2020-1613)
Article ID : JSA10996
Last Updated: 08 Apr 2020
Version : 1.0
Product Affected:
This issue affects Junos OS 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49,
15.1X53, 16.1, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2X75.
Problem:
A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks
Junos OS device to terminate an established BGP session upon receiving a
specific BGP FlowSpec advertisement.
The BGP NOTIFICATION message that terminates an established BGP session is sent
toward the peer device that originally sent the specific BGP FlowSpec
advertisement.
This specific BGP FlowSpec advertisement received from a BGP peer might get
propagated from a Junos OS device running the fixed release to another device
that is vulnerable causing BGP session termination downstream.
This issue affects IPv4 and IPv6 BGP FlowSpec deployment.
This issue affects Juniper Networks Junos OS:
12.3;
12.3X48 on SRX Series;
14.1X53 on EX and QFX Series;
15.1 versions prior to 15.1R7-S5;
15.1F versions prior to 15.1F6-S13;
15.1X49 versions prior to 15.1X49-D180 on SRX Series;
15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110;
15.1X53 versions prior to 15.1X53-D497 on NFX Series;
15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400;
16.1 versions prior to 16.1R7-S7;
17.1 versions prior to 17.1R2-S12, 17.1R3;
17.2 versions prior to 17.2R2-S7, 17.2R3;
17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44;
17.3 versions prior to 17.3R2-S5, 17.3R3-S5;
17.4 versions prior to 17.4R1-S8, 17.4R2;
18.1 versions prior to 18.1R2-S4, 18.1R3;
18.2X75 versions prior to 18.2X75-D20.
This issue affects Junos OS devices with the BGP FlowSpec configured:
[procotol bgp ... family inet flow]
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was seen during production usage.
This issue has been assigned CVE-2020-1613 .
Solution:
The following software releases have been updated to resolve this specific
issue: 15.1R7-S5, 15.1F6-S13, 15.1X49-D180, 15.1X53-D238, 15.1X53-D497,
15.1X53-D592, 16.1R7-S7, 17.1R3,17.2R2-S7, 17.2R3,17.2X75-D102, 17.2X75-D110,
17.3R3-S5, 17.4R1-S8, 17.4R2, 18.1R2-S4, 18.1R3, 18.2X75-D20, 18.2R1, and all
subsequent releases.
This issue is being tracked as 1323474 .
Workaround:
There are no known workarounds for this issue.
Implementation:
Software Releases, patches and updates are available at https://www.juniper.net
/support/downloads/ .
Modification History:
2020-04-08: Initial publication
CVSS Score:
8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS: vMX: Default credentials supplied in vMX configuration (CVE-2020-1615)
Article ID : JSA10998
Last Updated: 08 Apr 2020
Version : 3.0
Product Affected:
This issue affects Junos OS 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3,
18.4, 19.1, 19.2, 19.3. Affected platforms: vMX.
Problem:
The factory configuration for vMX installations, as shipped, includes default
credentials for the root account. Without proper modification of these default
credentials by the administrator, an attacker could exploit these credentials
and access the vMX instance without authorization.
This issue affects Juniper Networks Junos OS:
o 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX;
o 17.2 versions prior to 17.2R3-S3 on vMX;
o 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX;
o 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX;
o 18.1 versions prior to 18.1R3-S9 on vMX;
o 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX;
o 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX;
o 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX;
o 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX;
o 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX;
o 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX;
o 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was found during internal product security testing or research.
This issue has been assigned CVE-2020-1615 .
Solution:
The following software releases have been updated to resolve this specific
issue: 17.1R2-S11, 17.1R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R3-S7, 17.4R2-S9,
17.4R3, 18.1R3-S9, 18.2R2-S7, 18.2R3-S3, 18.2X75-D420, 18.2X75-D60, 18.3R1-S7,
18.3R2-S3, 18.3R3-S1, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.1R3,
19.2R1-S3, 19.2R2, 19.3R1-S1, 19.3R2, 19.4R1, and all subsequent releases.
This issue is being tracked as 1344858 .
Workaround:
Security best practices recommend that the root password be configured on any
newly installed vMX instance prior to deployment.
Implementation:
How to obtain fixed software:
Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security
Advisory and Security Notices will indicate which Maintenance and Service
Releases contain fixes for the issues described. Upon request to JTAC ,
customers will be provided download instructions for a Service Release.
Although Juniper does not provide formal Release Note documentation for a
Service Release, a list of "PRs fixed" can be provided on request.
Modification History:
2020-04-08: Initial publication
CVSS Score:
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Severity Level:
Critical
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS: non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot. A second packet received and inspected by sFlow will cause a core and reboot. (CVE-2020-1617)
Article ID : JSA11000
Last Updated: 08 Apr 2020
Version : 3.0
Product Affected:
This issue affects Junos OS 17.4, 18.1, 18.2, 18.2X75, 18.3. Affected
platforms: PTX1000 and PTX10000 Series, QFX10000 Series.
Problem:
This issue occurs on Juniper Networks Junos OS devices which do not support
Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT).
Devices using AFI and AFT are not exploitable to this issue.
An improper initialization of memory in the packet forwarding architecture in
Juniper Networks Junos OS non-AFI/AFT platforms may lead to a Denial of Service
(DoS) vulnerability being exploited when a genuine packet is received and
inspected by non-AFT/AFI sFlow and when the device is also configured with
firewall policers.
This first genuine packet received and inspected by sampled flow (sFlow)
through a specific firewall policer will cause the device to reboot.
After the reboot has completed, if the device receives and sFlow inspects
another genuine packet seen through a specific firewall policer, the device
will generate a core file and reboot.
Continued inspection of these genuine packets will create an extended Denial of
Service (DoS) condition. Depending on the method for service restoration, e.g.
hard boot or soft reboot, a core file may or may not be generated the next time
the packet is received and inspected by sFlow.
This issue affects:
Juniper Networks Junos OS
17.4 versions prior to 17.4R2-S9, 17.4R3 on PTX1000 and PTX10000 Series,
QFX10000 Series;
18.1 versions prior to 18.1R3-S9 on PTX1000 and PTX10000 Series, QFX10000
Series;
18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30 on PTX1000 and PTX10000
Series, QFX10000 Series;
18.2 versions prior to 18.2R3 on PTX1000 and PTX10000 Series, QFX10000 Series;
18.3 versions prior to 18.3R3 on PTX1000 and PTX10000 Series, QFX10000 Series.
This issue is not applicable to Junos OS versions before 17.4R1.
This issue is not applicable to Junos OS Evolved or Junos OS with Advanced
Forwarding Toolkit (AFT) forwarding implementations which use a different
implementation of sFlow.
The following example information is unrelated to this issue and is provided
solely to assist you with determining if you have AFT or not.
Example: A Junos OS device which supports the use of EVPN signaled VPWS with
Flexible Cross Connect uses the AFT implementation. Since this configuration
requires support and use of the AFT implementation to support this
configuration, the device is not vulnerable to this issue as the sFlow
implementation is different using the AFT architecture.
For further details about AFT visit the AFI / AFT are in the links below.
If you are uncertain if you use the AFI/AFT implementation or not, there are
configuration examples in the links below which you may use to determine if you
are vulnerable to this issue or not. If the commands work, you are. If not, you
are not. You may also use the Feature Explorer to determine if AFI/AFT is
supported or not. If you are still uncertain, please contact your support
resources.
The corrupted memory initialization is restricted to the sFlow process.
The firewall policer provides the method for the exploitation to take place.
Disabling either resolves the exploitation of this issue, but does not fix the
underlying vulnerability.
The following minimal configuration is required for the issue to be seen:
firewall policer
and
sflow
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was seen during production usage.
This issue has been assigned CVE-2020-1617 .
Solution:
The following software releases have been updated to resolve this specific
issue: 17.4R2-S9, 17.4R3;18.2X75-D12, 18.2X75-D30, 18.1R3-S9, 18.2R3, 18.3R3,
18.4R1, and all subsequent releases.
This issue is being tracked as 1372944 .
Workaround:
Discontinue use of firewall policers.
Or
Discontinue use of sFlow.
Or
Both of the above. It is not required to discontinue both to mitigate the
issue.
There are no other available workarounds.
Implementation:
Software release Service Packages are available at http://support.juniper.net
from the "Download Software" links.
Modification History:
2020-04-08: Initial publication
CVSS Score:
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS: Privilege escalation vulnerability in dual REs, VC or HA cluster may allow unauthorized configuration change. (CVE-2020-1630)
Article ID : JSA11010
Last Updated: 08 Apr 2020
Version : 2.0
Product Affected:
This issue affects Junos OS 12.3, 12.3X48, 14.1X53, 15.1, 15.1X49, 16.1, 16.2,
17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2.
Problem:
A privilege escalation vulnerability in Juniper Networks Junos OS devices
configured with dual Routing Engines (RE), Virtual Chassis (VC) or
high-availability cluster may allow a local authenticated low-privileged user
with access to the shell to perform unauthorized configuration modification.
This issue does not affect Junos OS device with single RE or stand-alone
configuration.
This issue affects Juniper Networks Junos OS
12.3 versions prior to 12.3R12-S14;
12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90;
14.1X53 versions prior to 14.1X53-D51;
15.1 versions prior to 15.1R7-S6;
15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190;
15.1X49 versions prior to 15.1X53-D592;
16.1 versions prior to 16.1R4-S13, 16.1R7-S6;
16.2 versions prior to 16.2R2-S10;
17.1 versions prior to 17.1R2-S11, 17.1R3-S1;
17.2 versions prior to 17.2R1-S9, 17.2R3-S3;
17.3 versions prior to 17.3R3-S6;
17.4 versions prior to 17.4R2-S6, 17.4R3;
18.1 versions prior to 18.1R3-S7;
18.2 versions prior to 18.2R2-S5, 18.2R3-S1;
18.2 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D420, 18.2X75-D60,
18.2X75-D411;
18.3 versions prior to 18.3R1-S5, 18.3R2-S1, 18.3R3;
18.4 versions prior to 18.4R1-S4, 18.4R2-S1, 18.4R3;
19.1 versions prior to 19.1R1-S2, 19.1R2;
19.2 versions prior to 19.2R1-S1, 19.2R2.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was found during internal product security testing or research.
This issue has been assigned CVE-2020-1630 .
Solution:
The following software releases have been updated to resolve this specific
issue: 12.3R12-S14, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1R7-S6,
15.1X49-D181, 15.1X49-D190, 15.1X53-D592, 16.1R4-S13, 16.1R7-S6, 16.2R2-S10,
17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R3-S3, 17.2X75-D110, 17.2X75-D44,
17.3R3-S6, 17.4R2-S6, 17.4R3, 18.1R3-S7, 18.2R2-S5, 18.2R3-S1, 18.2X75-D12,
18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6,
18.3R2-S1, 18.3R2-S3, 18.3R3, 18.4R1-S4, 18.4R1-S5, 18.4R2-S1, 18.4R3,
19.1R1-S2, 19.1R2, 19.2R1-S1, 19.2R2, 19.3R1, and all subsequent releases.
This issue is being tracked as 1441795 .
Workaround:
Disallow unprivileged authenticated users access to Junos shell.
Limit shell access to only trusted administrators.
Implementation:
Software Releases, patches and updates are available at https://www.juniper.net
/support/downloads/ .
Modification History:
2020-04-08: Initial publication
CVSS Score:
5.0 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)
Severity Level:
Medium
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS and Junos OS Evolved: Invalid BGP UPDATE sent to peer device may cause BGP session to terminate. (CVE-2020-1632)
Article ID : JSA11013
Last Updated: 08 Apr 2020
Version : 3.0
Product Affected:
This issue affects Junos OS 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1,
18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2. This issue affects Junos OS Evolved.
Problem:
In a certain condition, receipt of a specific BGP UPDATE message might cause
Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid
BGP UPDATE message to other peers, causing the other peers to terminate the
established BGP session, creating a Denial of Service (DoS) condition. For
example, Router A sends a specific BGP UPDATE to Router B, causing Router B to
send an invalid BGP UPDATE message to Router C, resulting in termination of the
BGP session between Router B and Router C.
This issue might occur when there is at least a single BGP session established
on the device that does not support 4 Byte AS extension (RFC 4893).
Repeated receipt of the same BGP UPDATE can result in an extended DoS
condition.
This issue affects Juniper Networks Junos OS:
16.1 versions prior to 16.1R7-S6;
16.2 versions prior to 16.2R2-S11;
17.1 versions prior to 17.1R2-S11, 17.1R3-S2;
17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3;
17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110, 17.2X75-D44;
17.3 versions prior to 17.3R2-S5, 17.3R3-S7;
17.4 versions prior to 17.4R2-S8, 17.4R3;
18.1 versions prior to 18.1R3-S8;
18.2 versions prior to 18.2R2-S6, 18.2R3-S2;
18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420,
18.2X75-D51, 18.2X75-D60;
18.3 versions prior to 18.3R1-S6, 18.3R2-S3, 18.3R3;
18.4 versions prior to 18.4R1-S5, 18.4R3;
18.4 version 18.4R2 and later versions;
19.1 versions prior to 19.1R1-S3, 19.1R2;
19.2 versions prior to 19.2R1-S2, 19.2R2.
This issue does not affect Juniper Networks Junos OS prior to 16.1R1.
This issue affects Juniper Networks Junos OS Evolved prior to 19.2R2-EVO.
The following command can be used to check if the peer device does not support
4-Byte AS extension:
user@device> show bgp neighbor
...
Peer does not support 4 byte AS extension
...
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was seen during production usage.
This issue has been assigned CVE-2020-1632 .
Solution:
Junos OS: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8,
17.2R3-S3, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S7,
17.4R2-S8, 17.4R3, 18.1R3-S8, 18.2R2-S6, 18.2R3-S2, 18.2X75-D12, 18.2X75-D33,
18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60, 18.3R1-S6, 18.3R2-S3,
18.3R3, 18.4R1-S5, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and
all subsequent releases.
Junos OS Evolved: 19.2R2-EVO, 19.3R1-EVO and all subsequent releases.
This issue is being tracked as 1454677 .
Workaround:
There are no viable workarounds for this issue.
Implementation:
Software Releases, patches and updates are available at https://www.juniper.net
/support/downloads/ .
Modification History:
2020-04-08: Initial publication
2020-04-08: Removing description section related to 2 possible conditions (previously the statement "However, if all the "show bgp neighbor" outputs contain the line "Peer does not support 4 byte AS extension", this issue is not exposed." is not correct.
CVSS Score:
8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)
Article ID : JSA11014
Last Updated: 08 Apr 2020
Version : 2.0
Product Affected:
This issue affects Junos OS 12.3X48. Affected platforms: High-End SRX Series.
Problem:
On High-End SRX Series devices, in specific configurations and when specific
networking events or operator actions occur, an SPC receiving genuine multicast
traffic may core. Subsequently, all FPCs in a chassis may reset causing a
Denial of Service.
This issue affects both IPv4 and IPv6.
This issue affects:
Juniper Networks Junos OS
12.3X48 version 12.3X48-D80 and later versions prior to 12.3X48-D95 on High-End
SRX Series.
This issue does not affect Branch SRX Series devices.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was seen during production usage.
This issue has been assigned CVE-2020-1634 .
Solution:
The following software releases have been updated to resolve this specific
issue: 12.3X48-D95, and all subsequent releases.
This issue is being tracked as 1465944 .
Workaround:
There are no viable workarounds for this issue.
Implementation:
Software release Service Packages are available at http://support.juniper.net
from the "Download Software" links.
Modification History:
2020-04-08: Initial publication
CVSS Score:
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
- --------------------------------------------------------------------------------
2020-04 Security Bulletin: Junos OS: Multiple IPsec AH vulnerabilities resolved.
Article ID : JSA11016
Last Updated: 08 Apr 2020
Version : 5.0
Product Affected:
These issues affect Junos OS 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2,
17.2X75, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2, 19.3.
Problem:
Multiple vulnerabilities that affect FreeBSD's implementation of IPSec's
Authentication Header (AH) protocol have been fixed in Juniper Networks Junos
OS.
These issues only affect systems configured for IPsec when the AH protocol is
used.
These issues allow an attacker from a trusted host to potentially be able to
take control of the device by sending a specifically constructed IP packet that
may lead to a system crash. Additionally, an attacker from any host may crash
the target by sending an arbitrary packet to the device causing a Denial of
Service (DoS). Sustained receipt of these specifically constructed or arbitrary
packets will result in an extended Denial of Service condition.
Devices not configured for IPsec AH use are not exploitable to these issues.
These issues affect:
Juniper Networks Junos OS
15.1 versions prior to 15.1R7-S6;
15.1X49 versions prior to 15.1X49-D200 on SRX Series;
15.1X53 versions prior to 15.1X53-D593 on EX2300, EX3400;
16.1 versions prior to 16.1R7-S7;
16.2 versions prior to 16.2R2-S11;
17.1 versions prior to 17.1R2-S11, 17.1R3-S2;
17.2 versions prior to 17.2R3-S3;
17.2X75 versions prior to 17.2X75-D44, 17.2X75-D105, 17.2X75-D110;
17.3 versions prior to 17.3R2-S5, 17.3R3-S7;
17.4 versions prior to 17.4R2-S9, 17.4R3;
18.1 versions prior to 18.1R3-S9;
18.2 versions prior to 18.2R2-S6, 18.2R3-S3;
18.2X75 versions prior to 18.2X75-D33, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420;
18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1;
18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;
19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3;
19.2 versions prior to 19.2R1-S2, 19.2R2;
19.3 versions prior to 19.3R1-S1, 19.3R2, 19.3R3.
These issues do not affect Junos OS prior to 15.1R1.
These issues exist where the ah protocol is configured or in use.
One example of one minimal configuration is the "manual" IPSec SA
configuration:
security ipsec security-association <sa-name> manual direction <direction>
protocol ah
Other configurations apply.
Juniper SIRT is not aware of any malicious exploitation of these
vulnerabilities.
These issues were discovered during an external security research.
CVE CVSS Summary
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9,
10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28,
7.5 ( CVSS:3.0 the length field of the ipsec option header does
CVE-2018-6918 /AV:N/AC:L/ not count the size of the option header itself,
PR:N/UI:N/S:U/ causing an infinite loop when the length is zero.
C:N/I:N/A:H ) This issue can allow a remote attacker who is able
to send an arbitrary packet to cause the machine
to crash.
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7,
10.4-STABLE, 10.4-RELEASE-p7, and
9.8 ( CVSS:3.0 10.3-RELEASE-p28, the kernel does not properly
CVE-2018-6916 /AV:N/AC:L/ validate IPsec packets coming from a trusted host.
PR:N/UI:N/S:U/ Additionally, a use-after-free vulnerability
C:H/I:H/A:H ) exists in the IPsec AH handling code. This issue
could cause a system crash or other unpredictable
results.
Solution:
The following software releases have been updated to resolve these specific
issues: 15.1R7-S6, 15.1X49-D200, 15.1X53-D593, 16.1R7-S7, 16.2R2-S11,
17.1R2-S11, 17.1R3-S2, 17.2R3-S3, 17.2X75-D44, 17.2X75-D105, 17.2X75-D110,
17.3R2-S5, 17.3R3-S7, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R2-S6, 18.2R3-S3,
18.2X75-D33, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420, 18.3R1-S7, 18.3R2-S3,
18.3R3-S1, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1-S2,
19.2R2, 19.3R1-S1, 19.3R2, 19.3R3, 19.4R1, and all subsequent releases.
These issues are being tracked as 1470693 .
Workaround:
There are no known workarounds for AH-only configurations.
Customers may configure ESP instead of AH as it may be configured for both
confidentiality and integrity.
Note: You can configure encryption when AH is not in use.
Implementation:
Software Releases, patches and updates are available at https://www.juniper.net
/support/downloads/ .
Modification History:
2020-04-08: Initial publication
CVSS Score:
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Severity Level:
Critical
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXo6Q4WaOgq3Tt24GAQjeOxAA3h7avjL22jmOCuGNOaNmgxVpueVsNbe0
0qyL8+tMthafzoiqeAsWY11QSl5Mv9ATw0QOOa0Fn3drAxJGvZ3Wc8L1KJWjtDPm
hBzYQ9x2NFgFrTujK+lf5koct35LJig85KA5iBgJME2gyezrvMV3PgxfKKh/Hmuh
irk1hUFcnccfkuslCgPdGoDFbVXeXiHiyII1NEa3mJHt0JAtOKTyYNcfHp2VfNHI
ykkMxHouriuBz5tBuDQ6s9u0Y+cg+Cro6XLJ6o6+xcPc54e7IdIBDJskKPDsJ/Fp
jPVBZ03nFUT1ZkzXO4W1fsL8aWMGDqnLBMGIcDC7FU4zKcvnbZ89nZQ1hqUMVDdh
ivLZBWFHdmju7K6gDg0zRYStpPPkgCXDiO7tiGstmku5iFB0xrJlXtwpfW3wk9Er
QfO7Hrw2OXBw25Jv2oqt2tVUes4WmntOQjWke8PqwWmQL9ioX5m1x5cQwTpJYzr6
MCaNo91RIHo3A9HHxgzbp7g3BpI8O8gBHfWsM4FV+heIUdWu+JmknoWev04vt4y3
Au3g8qzTvb6O3Obb6RaiH5qQq8KeUrFV7vGK8yqqsGIvcNI7pnIRltWWAqd8BACq
MizZOG3DYmSRjpaLGEHWtnmMqkM1cwr4+Aro+UFXerMDAbF2KS62kDz4unex8Np3
nmU7I4i55fQ=
=P87l
-----END PGP SIGNATURE-----