Security News

Juniper Networks flings out emergency patches for perfect 10 router vuln
2024-07-01 11:32

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Juniper Networks Releases Critical Security Update for Routers
2024-07-01 06:25

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as...

Juniper releases out-of-cycle fix for max severity auth bypass flaw
2024-06-30 15:14

Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network-based attacker to bypass authentication and take full control of the device," reads the description of the vulnerability.

Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process
2024-01-30 15:30

The four vulnerabilities reported to Juniper Networks by watchTowr researcher Aliz Hammond, which were later found to be missing individual CVEs, have now each been disclosed separately, per an out-of-cycle security advisory. Despite submitting four vulnerability reports in total, Juniper credited watchTowr with the discovery of just two.

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws
2024-01-30 05:01

Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The...

Ivanti and Juniper Networks accused of bending the rules with CVE assignments
2024-01-22 15:00

The networking giant was accused of patching security flaws without disclosing them as standalone vulnerabilities, while Ivanti was called out for seemingly bundling multiple vulnerabilities under a single registered Common Vulnerabilities and Exposures ID. Security vulnerabilities that are serious enough to require patching to avoid problems for organizations generally need to be registered with a CVE Numbering Authority and added to the CVE program. Once registered with a CVE ID, vulnerabilities can be more easily identified and tracked by organizations, making their patching routine more easily manageable.

Thousands of Juniper Networks devices vulnerable to critical RCE bug
2024-01-15 19:34

More than 11,500 Juniper Networks devices are exposed to a new remote code execution vulnerability, and infosec researchers are pressing admins to urgently apply the patches. It's somewhat of a repeat scenario for Juniper Networks, which only recently got done patching the last round of critical RCE bugs in Junos OS, which runs on SRX firewalls and EX switches.

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)
2024-01-15 09:03

Juniper Networks has fixed a critical pre-authentication remote code execution vulnerability in Junos OS on SRX firewalls and EX switches.CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat actor to carry out a denial-of service attack, an RCE attack, or gain root privileges on exposed devices.

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
2024-01-13 10:45

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated...

Juniper warns of critical RCE bug in its firewalls and switches
2024-01-12 17:36

Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. CISA also warned in November of a Juniper pre-auth RCE exploit used in the wild, chaining four bugs tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847 and impacted the company's SRX firewalls and EX switches.