- Juniper Networks patches approximately 200 vulnerabilities at once.
- The vulnerabilities affect Junos Space and Contrail Networking.
- One of the vulnerabilities, tracked as CVE-2021-23017, has a CVSS score of 9.4.
Juniper Networks released security updates addressing almost 200 vulnerabilities affecting Junos Space and Contrail Networking. The company urged users to upgrade to versions 22.1R1 and 21.4.0, respectively. One of those vulnerabilities, tracked as CVE-2021-23017, has a CVSS score of 9.4. It allows an attacker to crash devices or execute arbitrary code.
Junos Space and Contrail Networking
Juniper Networks announced that 31 bugs affect the Junos Space network management software, while 166 security vulnerabilities impact Contrail Networking, affecting all versions before 21.4.0. The security vulnerabilities impacting Contrail Networking have a collective CVSS score of 10.0, which is the maximum.
The company stated that the vulnerabilities were resolved in the Junos Space 22.1R1 release by updating third-party software included with Junos Space or by fixing vulnerabilities found during external security research. Regarding CVE-2021-23017, the company said:
« A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. »
This issue affects:
Juniper Networks NorthStar Controller
- All versions prior to 5.1.0 Service Pack 6;
- 6 versions prior to 6.2.2.