Security News

Juniper warns of Mirai botnet scanning for Session Smart routers
2024-12-19 18:27

Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials. [...]

Juniper warns of Mirai botnet targeting Session Smart routers
2024-12-19 18:27

Juniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. [...]

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords
2024-12-19 13:37

Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company...

Juniper Networks flings out emergency patches for perfect 10 router vuln
2024-07-01 11:32

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Juniper Networks Releases Critical Security Update for Routers
2024-07-01 06:25

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as...

Juniper releases out-of-cycle fix for max severity auth bypass flaw
2024-06-30 15:14

Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network-based attacker to bypass authentication and take full control of the device," reads the description of the vulnerability.

Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process
2024-01-30 15:30

The four vulnerabilities reported to Juniper Networks by watchTowr researcher Aliz Hammond, which were later found to be missing individual CVEs, have now each been disclosed separately, per an out-of-cycle security advisory. Despite submitting four vulnerability reports in total, Juniper credited watchTowr with the discovery of just two.

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws
2024-01-30 05:01

Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The...

Ivanti and Juniper Networks accused of bending the rules with CVE assignments
2024-01-22 15:00

The networking giant was accused of patching security flaws without disclosing them as standalone vulnerabilities, while Ivanti was called out for seemingly bundling multiple vulnerabilities under a single registered Common Vulnerabilities and Exposures ID. Security vulnerabilities that are serious enough to require patching to avoid problems for organizations generally need to be registered with a CVE Numbering Authority and added to the CVE program. Once registered with a CVE ID, vulnerabilities can be more easily identified and tracked by organizations, making their patching routine more easily manageable.

Thousands of Juniper Networks devices vulnerable to critical RCE bug
2024-01-15 19:34

More than 11,500 Juniper Networks devices are exposed to a new remote code execution vulnerability, and infosec researchers are pressing admins to urgently apply the patches. It's somewhat of a repeat scenario for Juniper Networks, which only recently got done patching the last round of critical RCE bugs in Junos OS, which runs on SRX firewalls and EX switches.