Juniper Junos OS 多個漏洞
發佈日期:
2024年01月12日
395
觀看次數
風險: 中度風險
類型: 操作系統 - Network
於 Juniper Junos OS 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行程式碼、繞過保安限制及資料篡改。
影響
- 阻斷服務
- 權限提升
- 遠端執行程式碼
- 繞過保安限制
- 篡改
受影響之系統或技術
Juniper Networks Junos OS
- 21.1 21.1R3-S4之前的版本
- 21.1 21.1R3-S5之前的版本
- 21.2 21.2R3之前的版本
- 21.2 21.2R3-S3之前的版本
- 21.2 21.2R3-S4之前的版本
- 21.2 21.2R3-S5之前的版本
- 21.2 21.2R3-S6 on SRX Series之前的版本
- 21.2 21.2R3-S6之前的版本
- 21.2 21.2R3-S7之前的版本
- 21.2R1-EVO 之後的版本
- 21.3 21.3R2-S1, 21.3R3之前的版本
- 21.3 21.3R3-S3之前的版本
- 21.3 21.3R3-S4之前的版本
- 21.3 21.3R3-S5 on SRX Series之前的版本
- 21.3 21.3R3-S5之前的版本
- 21.3 21.3R3-S5-EVO之前的版本
- 21.4 21.4R2之前的版本
- 21.4 21.4R3之前的版本
- 21.4 21.4R3-EVO之前的版本
- 21.4 21.4R3-S3之前的版本
- 21.4 21.4R3-S4之前的版本
- 21.4 21.4R3-S5 on SRX Series之前的版本
- 21.4 21.4R3-S5之前的版本
- 21.4 21.4R3-S5-EVO之前的版本
- 21.4-EVO 21.4R3-EVO之前的版本
- 21.4-EVO 21.4R3-S5-EVO之前的版本
- 21.4-EVO 21.4R3-S6-EVO之前的版本
- 21.4R3 21.4R3-S4之前的版本
- 22.1 22.1R2之前的版本
- 22.1 22.1R2-S2, 22.1R3之前的版本
- 22.1 22.1R3之前的版本
- 22.1 22.1R3-EVO之前的版本
- 22.1 22.1R3-S1之前的版本
- 22.1 22.1R3-S2之前的版本
- 22.1 22.1R3-S3 on SRX Series之前的版本
- 22.1 22.1R3-S3之前的版本
- 22.1 22.1R3-S4之前的版本
- 22.1 22.1R3-S4-EVO之前的版本
- 22.1-EVO 22.1R3-EVO之前的版本
- 22.1-EVO 22.1R3-S2-EVO之前的版本
- 22.1-EVO 22.1R3-S4-EVO之前的版本
- 22.1-EVO 22.1R3-S5-EVO之前的版本
- 22.1R3 22.1R3-S3之前的版本
- 22.2 22.2R2之前的版本
- 22.2 22.2R2-S1, 22.2R3之前的版本
- 22.2 22.2R2-S2, 22.2R3之前的版本
- 22.2 22.2R2-S2-EVO, 22.2R3-EVO之前的版本
- 22.2 22.2R3之前的版本
- 22.2 22.2R3-EVO之前的版本
- 22.2 22.2R3-S1之前的版本
- 22.2 22.2R3-S2之前的版本
- 22.2 22.2R3-S3 SRX Series之前的版本
- 22.2 22.2R3-S3之前的版本
- 22.2 22.2R3-S3-EVO之前的版本
- 22.2-EVO 22.2R2-S1-EVO, 22.2R3-EVO之前的版本
- 22.2-EVO 22.2R3-EVO之前的版本
- 22.2-EVO 22.2R3-S2-EVO之前的版本
- 22.2R2 22.2R3-S1之前的版本
- 22.3 22.3R2, 22.3R3之前的版本
- 22.3 22.3R2之前的版本
- 22.3 22.3R2-EVO, 22.3R3-EVO之前的版本
- 22.3 22.3R2-S1, 22.3R3之前的版本
- 22.3 22.3R2-S2, 22.3R3之前的版本
- 22.3 22.3R3-EVO之前的版本
- 22.3 22.3R3-S1 on SRX Series之前的版本
- 22.3 22.3R3-S1之前的版本
- 22.3 22.3R3-S1-EVO之前的版本
- 22.3 22.3R3-S2之前的版本
- 22.3-EVO 22.3R2-EVO之前的版本
- 22.3-EVO versions later than 22.3R1-EVO之前的版本
- 22.4 22.4R1-S2, 22.4R2之前的版本
- 22.4 22.4R1-S2, 22.4R2-S2, 22.4R3之前的版本
- 22.4 22.4R2之前的版本
- 22.4 22.4R2-EVO, 22.4R3-EVO之前的版本
- 22.4 22.4R2-S1, 22.4R3之前的版本
- 22.4 22.4R2-S2, 22.4R3 on SRX Series之前的版本
- 22.4 22.4R2-S2, 22.4R3之前的版本
- 22.4 22.4R2-S2-EVO, 22.4R3-EVO之前的版本
- 22.4-EVO 22.4R2-EVO之前的版本
- 22.4-EVO 22.4R2-S2-EVO, 22.4R3-EVO之前的版本
- 23.1 23.1R2之前的版本
- 23.2 23.2R1-S1, 23.2R2之前的版本
- 23.2 23.2R1-S1-EVO, 23.2R2-EVO之前的版本
- 23.2 23.2R1-S2, 23.2R2之前的版本
- 23.2 23.2R2之前的版本
- 23.2-EVO 23.2R1-S2-EVO, 23.2R2-EVO之前的版本
- 所有 20.4R3-S3之前的版本
- 所有 20.4R3-S6之前的版本
- 所有 20.4R3-S7之前的版本
- 所有 20.4R3-S7-EVO之前的版本
- 所有 20.4R3-S8 on SRX Series之前的版本
- 所有 20.4R3-S8之前的版本
- 所有 20.4R3-S9之前的版本
- 所有 21.2R3-S3之前的版本
- 所有 21.2R3-S6之前的版本
- 所有 21.2R3-S7-EVO之前的版本
- 所有 21.3R3-S5-EVO之前的版本
解決方案
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699
漏洞識別碼
- CVE-2023-36842
- CVE-2024-21585
- CVE-2024-21587
- CVE-2024-21591
- CVE-2024-21594
- CVE-2024-21595
- CVE-2024-21596
- CVE-2024-21597
- CVE-2024-21599
- CVE-2024-21600
- CVE-2024-21601
- CVE-2024-21602
- CVE-2024-21603
- CVE-2024-21606
- CVE-2024-21607
- CVE-2024-21611
- CVE-2024-21612
- CVE-2024-21613
- CVE-2024-21614
- CVE-2024-21616
- CVE-2024-21617
- CVE-2022-21699
- CVE-2024-21604
資料來源
相關連結
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699
分享至