Security News

The four vulnerabilities reported to Juniper Networks by watchTowr researcher Aliz Hammond, which were later found to be missing individual CVEs, have now each been disclosed separately, per an out-of-cycle security advisory. Despite submitting four vulnerability reports in total, Juniper credited watchTowr with the discovery of just two.

Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The...

The networking giant was accused of patching security flaws without disclosing them as standalone vulnerabilities, while Ivanti was called out for seemingly bundling multiple vulnerabilities under a single registered Common Vulnerabilities and Exposures ID. Security vulnerabilities that are serious enough to require patching to avoid problems for organizations generally need to be registered with a CVE Numbering Authority and added to the CVE program. Once registered with a CVE ID, vulnerabilities can be more easily identified and tracked by organizations, making their patching routine more easily manageable.

More than 11,500 Juniper Networks devices are exposed to a new remote code execution vulnerability, and infosec researchers are pressing admins to urgently apply the patches. It's somewhat of a repeat scenario for Juniper Networks, which only recently got done patching the last round of critical RCE bugs in Junos OS, which runs on SRX firewalls and EX switches.

Juniper Networks has fixed a critical pre-authentication remote code execution vulnerability in Junos OS on SRX firewalls and EX switches.CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat actor to carry out a denial-of service attack, an RCE attack, or gain root privileges on exposed devices.

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated...

Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. CISA also warned in November of a Juniper pre-auth RCE exploit used in the wild, chaining four bugs tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847 and impacted the company's SRX firewalls and EX switches.

Collaborative strategies are key to enhanced ICS securityIn this Help Net Security interview, Marko Gulan, Cyber Security Consultant at Schneider Electric, discusses the complexities of safeguarding industrial control systems. Modeling organizations' defensive mechanisms with MITRE D3FENDFunded by the National Security Agency, MITRE's D3FEND framework is helping to provide standardization, specificity, and repeatability needed by cybersecurity engineers.

CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Juniper Networks fixed four flaws affecting the J-Web GUI of Junos OS-powered devices in late August 2023, and urged customers to update their SRX firewalls and EX switches to plug the security holes.

The U.S. Cybersecurity and Infrastructure Security Agency has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday added five vulnerabilities to the Known Exploited Vulnerabilities catalog, based on evidence of active exploitation -.