Juniper Networks has released security updates to address several vulnerabilities affecting multiple products, some of which can be exploited to take control of affected systems.
The most significant vulnerabilities affect Junos Space and Contrail Networking, with the tech company urging customers to upgrade to versions 22.1R1 and 21.4.0, respectively.
Chief among them is a collection of 31 bugs in the Junos Space network management software, including CVE-2021-23017 (CVSS score: 9.4), which can lead to a crash of vulnerable devices or possibly even arbitrary code execution.
“A security issue in the nginx resolver has been identified that could allow an attacker to spoof a UDP packet from a DNS server to overwrite 1 byte of memory, resulting in a process crash or other potential impacts,” the company said.
The same vulnerability has also been fixed in the NorthStar Controller in versions 5.1.0 Service Pack 6 and 6.2.2.
In addition, the network equipment manufacturer has warned of multiple known issues in CentOS 6.8, which shipped with Junos Space Policy Enforcer prior to version 22.1R1. As a mitigation, the version of CentOS packaged with the Policy Enforcer component has been upgraded to 7.9.
Also listed are 166 vulnerabilities in its Contrail Networking product that affect all versions prior to 21.4.0 and have collectively been given the maximum CVSS score of 10.0.
“Many vulnerabilities in third-party software used in Juniper Networks Contrail Networking were addressed in release 21.4.0 by upgrading the Open Container Initiative (OCI)-compatible Red Hat Universal Base Image (UBI) container image from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8,” it noted in an advisory.