Juniper Releases Fixes for Serious Flaws in Contrail Networking and Junos OS

Juniper Networks has fixed a number of security flaws affecting several of its products, some of which could be exploited to take control of vulnerable systems.

The most serious problems affect Contrail Networking and Junos Space, and the company advises users to update to versions 22.1R1 and 21.4.0, respectively.

The most significant of these is a group of 31 flaws in the Junos Space network management programme, including CVE-2021-23017 (CVSS score: 9.4), which could lead to arbitrary code execution or crash vulnerable devices.

According to the company, “a security flaw in nginx resolver was detected,” which could allow an attacker who forges UDP packets from the DNS server to overwrite one byte of memory and crash a worker process.

Versions 5.1.0 Service Pack 6 and 6.2.2 of Northstar Controller both address the same security flaw.

The networking equipment manufacturer also advised users that CentOS 6.8, which ships with Junos Space Policy Enforcer prior to version 22.1R1, has a number of known issues. As a mitigation, the Policy Enforcer component has been updated to run on CentOS 7.9.

Also addressed are 166 security flaws affecting all versions of its Contrail Networking software before 21.4.0, which have been given a combined CVSS score of 10.0.

According to a Juniper Networks Contrail Networking advisory, release 21.4.0 upgrades the Open Container Initiative (OCI)-compliant Red Hat Universal Base Image (UBI) container image from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8, and “multiple vulnerabilities in third party software used in Contrail Networking have been resolved.”