Security News > 2022 > July > CISA pulls the fire alarm on Juniper Networks bugs

Juniper Networks has patched critical-rated bugs across its Junos Space, Contrail Networking and NorthStar Controller products that are serious enough to prompt CISA to weigh in and advise admins to update the software as soon as possible.

"CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates," according to the Feds' warning this week.

We'll start with the security holes in Junos Space, the vendor's network management software, which Juniper collectively rated "Critical." This is because, unlike the critical flaws detailed in three other security bulletins published this week, we don't know if these particular bugs are already being exploited.

All of the other products' critical security updates note that Juniper is not aware of any malicious exploitation - but that notice is conspicuously absent from the Junos Space flaws and the vendor didn't respond to The Register's inquiries about in-the-wild exploits.

The networking and security company also issued an alert about critical vulnerabilities in Junos Space Security Director Policy Enforcer - this piece provides centralized threat management and monitoring for software-defined networks - but noted that it's not aware of any malicious exploitation of these critical bugs.

In addition to the four critical security updates, Juniper also this week issued 24 that it deemed "High severity" for products including Junos OS, Secure Analytics, Identity Management Service, Paragon Active Assurance and Contrail Networking product lines.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/15/cisa_critical_juniper_bugs/