Log in
Forgot password ?
Become a member for free
Sign up
Sign up
Dynamic quotes 

MarketScreener Homepage  >  Equities  >  Nyse  >  Juniper Networks    JNPR


News SummaryMost relevantAll newsOfficial PublicationsSector newsAnalyst Recommendations

Juniper : releases barrage of security fixes for security, networking devices

share with twitter share with LinkedIn share with facebook
share via e-mail
01/12/2019 | 03:38am EDT

Juniper Networks has released patches for vulnerabilities affecting its networking and security devices running Junos OS, as well as a bucketload of security flaws in the Junos Space Network Management Platform, the Juniper Advanced Threat Prevention (JATP) appliance, and the SRX Series networking firewalls.

Junos OS flaws

Junos OS is the FreeBSD-based operating system used in Juniper Networks hardware routers, switches, gateways and security devices.

The most critical holes that have been plugged are:

CVE-2019-0006 an issue that can be triggered with a specially crafted HTTP packet and can result in a crash of the fxpc daemon or even lead to remote code execution. It affects Junipers EX, MX and QFX Virtual Chassis Platforms (combinations of standalone switches interconnected and managed as a single chassis).

CVE-2019-0007 a predictable IP ID Sequence Number in the software for virtualized vMX Series routers that could open the device as well as clients connecting through it to attacks (there are workarounds available).

A batch of critical and high risk holes in the third-party libxml2 software library for parsing XML documents, which is included in the OS.

For the remaining security advisories, check out Junipers dedicated page.

All except one fixed issue have been discovered during production usage. The outlier is CVE-2015-1283, a numeric error vulnerability affecting the Expat XML processing library in Junos OS that could lead to a DoS condition and can be triggered through a specially crafted XML data input.

That issue was discovered by external security researchers and Juniper SIRT is aware of a working proof of concept of this vulnerability, but not of any malicious exploitation attempts in the wild.

Issues affecting other devices

The resolved Junos Space vulnerabilities 39 CVE-numbered issues range from medium risk to critical. The most severe one is CVE-2018-1126, an integer overrun in the process browsing procps-ng library/utilities, which could allow attackers to take control of the vulnerable network management devices and redirect traffic to malicious sources.

Users are advised to upgrade to Junos Space 18.4R1 or later release.

The batch of fixed Juniper APT appliance vulnerabilities are collectively deemed critical, as they include two vulnerabilities (CVE-2019-0020, CVE-2019-0022) stemming from hard coded credentials, some of which share the same password, effectively giving an attacker the ability to take control of any installation of the software.

Theres also critical vulnerability (CVE-2019-0029) that could allow an attacker to access the Splunk server, as the Splunk credentials are logged in a file readable by authenticated local users.

Users should upgrade to Juniper ATP 5.0.3 and 5.0.4 releases and to do some proactive credential/passphrase/key changing after the upgrade.

The holes plugged in the SRX Series networking firewalls are two and both can result in attackers breaking encryption. The issues have been resolved in SRC 4.12.0-R1 and subsequent releases.

(c) Copyright: Arab News 2019 All rights reserved. Provided by SyndiGate Media Inc. (Syndigate.info)., source Middle East & North African Newspapers

share with twitter share with LinkedIn share with facebook
share via e-mail
06/17Juniper Networks Announces Date of Second Quarter 2019 Preliminary Financial ..
06/15JUNIPER : Dynamic Technology Lab Private Ltd Acquires Shares of 16,582 Juniper N..
06/12Juniper Networks Wins “Best of Show” Top Awards at Interop Tokyo ..
06/05JUNIPER : Nuvias Group Extends Partnership with Juniper Networks to include Mist..
06/04JUNIPER : BT selects Juniper Networks to underpin 5G capability with cloud netwo..
06/04JUNIPER : BT Chooses Juniper Networks to Underpin 5G Capability and Move to a Cl..
06/04JUNIPER : will move BT to a cloud-driven unified network infrastructure
06/03BT Chooses Juniper Networks to Underpin 5G Capability and Move to a Cloud-Dri..
05/31JUNIPER NETWORKS : Ex-dividend day for
05/30Juniper Networks Announces Date and Webcast Information for Upcoming Tech Tal..
More news
Financials ($)
Sales 2019 4 467 M
EBIT 2019 721 M
Net income 2019 463 M
Finance 2019 1 361 M
Yield 2019 2,81%
P/E ratio 2019 21,19
P/E ratio 2020 17,68
EV / Sales 2019 1,76x
EV / Sales 2020 1,67x
Capitalization 9 207 M
Duration : Period :
Juniper Networks Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends JUNIPER NETWORKS
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus HOLD
Number of Analysts 25
Average target price 27,0 $
Spread / Average Target 1,1%
EPS Revisions
Rami Rahim Chief Executive Officer & Director
Scott G. Kriens Chairman
Ken Miller Chief Financial Officer & Executive Vice President
Pradeep S. Sindhu Chief Technology Officer & Chief Scientist
Robert Worrall Chief Information Officer & Senior Vice President
Sector and Competitors