Log in
Forgot password ?
Become a member for free
Sign up
Sign up
Dynamic quotes 

MarketScreener Homepage  >  Equities  >  Nyse  >  Juniper Networks    JNPR


My previous session
Most popular
News SummaryMost relevantAll newsOfficial PublicationsSector newsAnalyst Recommendations

Juniper : releases barrage of security fixes for security, networking devices

share with twitter share with LinkedIn share with facebook
share via e-mail
01/12/2019 | 04:38am EDT

Juniper Networks has released patches for vulnerabilities affecting its networking and security devices running Junos OS, as well as a bucketload of security flaws in the Junos Space Network Management Platform, the Juniper Advanced Threat Prevention (JATP) appliance, and the SRX Series networking firewalls.

Junos OS flaws

Junos OS is the FreeBSD-based operating system used in Juniper Networks hardware routers, switches, gateways and security devices.

The most critical holes that have been plugged are:

CVE-2019-0006 an issue that can be triggered with a specially crafted HTTP packet and can result in a crash of the fxpc daemon or even lead to remote code execution. It affects Junipers EX, MX and QFX Virtual Chassis Platforms (combinations of standalone switches interconnected and managed as a single chassis).

CVE-2019-0007 a predictable IP ID Sequence Number in the software for virtualized vMX Series routers that could open the device as well as clients connecting through it to attacks (there are workarounds available).

A batch of critical and high risk holes in the third-party libxml2 software library for parsing XML documents, which is included in the OS.

For the remaining security advisories, check out Junipers dedicated page.

All except one fixed issue have been discovered during production usage. The outlier is CVE-2015-1283, a numeric error vulnerability affecting the Expat XML processing library in Junos OS that could lead to a DoS condition and can be triggered through a specially crafted XML data input.

That issue was discovered by external security researchers and Juniper SIRT is aware of a working proof of concept of this vulnerability, but not of any malicious exploitation attempts in the wild.

Issues affecting other devices

The resolved Junos Space vulnerabilities 39 CVE-numbered issues range from medium risk to critical. The most severe one is CVE-2018-1126, an integer overrun in the process browsing procps-ng library/utilities, which could allow attackers to take control of the vulnerable network management devices and redirect traffic to malicious sources.

Users are advised to upgrade to Junos Space 18.4R1 or later release.

The batch of fixed Juniper APT appliance vulnerabilities are collectively deemed critical, as they include two vulnerabilities (CVE-2019-0020, CVE-2019-0022) stemming from hard coded credentials, some of which share the same password, effectively giving an attacker the ability to take control of any installation of the software.

Theres also critical vulnerability (CVE-2019-0029) that could allow an attacker to access the Splunk server, as the Splunk credentials are logged in a file readable by authenticated local users.

Users should upgrade to Juniper ATP 5.0.3 and 5.0.4 releases and to do some proactive credential/passphrase/key changing after the upgrade.

The holes plugged in the SRX Series networking firewalls are two and both can result in attackers breaking encryption. The issues have been resolved in SRC 4.12.0-R1 and subsequent releases.

(c) Copyright: Arab News 2019 All rights reserved. Provided by SyndiGate Media Inc. (Syndigate.info)., source Middle East & North African Newspapers

share with twitter share with LinkedIn share with facebook
share via e-mail
03/15JUNIPER NETWORKS INC : Change in Directors or Principal Officers, Financial Stat..
03/15Juniper Networks Appoints Anne DelSanto to Its Board of Directors
03/15JUNIPER : Expands Networking Simplicity Through Support of SONiC; Company broade..
03/15JUNIPER : Expands Networking Simplicity Through Support of SONiC
03/14Juniper Networks Announces Date of First Quarter 2019 Preliminary Financial R..
03/14JUNIPER : Expands Networking Simplicity Through Support of SONiC
03/07ADVISORS ASSET MANAGEMENT INC : . Invests $81,000 in Juniper Networks, Inc. Stoc..
03/06JUNIPER : Announces Intent to Acquire Mist Systems to Bring AI to IT, Delivering..
03/05JUNIPER : Announces Agreement to Acquire Mist Systems
03/04JUNIPER : to buy Mist Systems for $405m
More news
Financials ($)
Sales 2019 4 494 M
EBIT 2019 760 M
Net income 2019 493 M
Finance 2019 1 519 M
Yield 2019 2,86%
P/E ratio 2019 20,08
P/E ratio 2020 17,17
EV / Sales 2019 1,70x
EV / Sales 2020 1,59x
Capitalization 9 171 M
Duration : Period :
Juniper Networks Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends JUNIPER NETWORKS
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus HOLD
Number of Analysts 26
Average target price 26,0 $
Spread / Average Target -1,3%
EPS Revisions
Rami Rahim Chief Executive Officer & Director
Scott G. Kriens Chairman
Ken Miller Chief Financial Officer & Executive Vice President
Pradeep S. Sindhu Chief Technology Officer & Chief Scientist
Robert Worrall Chief Information Officer & Senior Vice President
Sector and Competitors