Juniper Networks fixed holes in the Junos operating system used on its networking and security appliances.
The most serious vulnerability, rated 9.8 in the Common Vulnerability Scoring System, is in the J-Web interface, which allows administrators to monitor, configure, troubleshoot and manage routers running Junos OS.
The issue is an information leak that could allow unauthenticated users to gain administrative privileges to the device.
The flaw ended up fixed in Junos OS 12.1X46-D45, 12.1X46-D46, 12.1X46-D51, 12.1X47-D35, 12.3R12, 12.3X48-D25, 13.3R10, 13.3R9-S1, 14.1R7, 14.1X53-D35, 14.2R6, 15.1A2, 15.1F4, 15.1X49-D30 and 15.1R3.
In addition, a temporary workaround is to disable J-Web or to limit which IP addresses can access the interface.
The company also fixed vulnerabilities that can lead to denial of service (DoS) conditions. One of them can end up used to crash the kernel of a Junos OS device with a 64-bit architecture by sending a specially crafted UDP packet destined to an interface IP address of the device itself.
Another kernel crash can end up triggered with specially crafted ICMP packets sent to Junos OS devices configured with a GRE or IPIP tunnel. The attack requires knowledge of network-specific information.
High-End SRX-Series chassis, configured in either standalone or cluster mode, are susceptible to several DoS conditions if the in-transit traffic matches one or more ALG (application layer gateway) rules.
Another Junos patch fixes a potential networking data leak when source and destination MAC addresses of Ethernet frames with the EtherType field of IPv6 (0x86DD) flood into the VPLS instance.