Juniper Networks Updates
Warning Date: 9 July, 2020
Severity Level: Critical
Warning Number: 2020-1472
Target Sector: All
Description:
Juniper Networks has released security updates to address multiple vulnerabilities in the following products:
- Juniper Networks Junos OS
- 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70;
- 19.4 versions 19.4R1 and 19.4R1-S1;
- 20.1 versions prior to 20.1R1-S2, 20.1R2.
- 17.2X75 versions prior to 17.2X75-D105.19;
- 17.3 versions prior to 17.3R3-S8;
- 17.4 versions prior to 17.4R2-S10, 17.4R3-S2;
- 18.1 versions prior to 18.1R3-S10;
- 18.2 versions prior to 18.2R2-S7, 18.2R3-S4;
- 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60;
- 18.3 versions prior to 18.3R2-S4, 18.3R3-S2;
- 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2;
- 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3;
- 19.2 versions prior to 19.2R1-S5, 19.2R2;
- 19.3 versions prior to 19.3R2-S2, 19.3R3;
- 19.4 versions prior to 19.4R1-S2, 19.4R2.
- 12.3 versions prior to 12.3R12-S15;
- 12.3X48 versions prior to 12.3X48-D95;
- 15.1 versions prior to 15.1R7-S6;
- 15.1X49 versions prior to 15.1X49-D200;
- 15.1X53 versions prior to 15.1X53-D593;
- 16.1 versions prior to 16.1R7-S7;
- 17.1 versions prior to 17.1R2-S11, 17.1R3-S2;
- 17.2 versions prior to 17.2R1-S9, 17.2R3-S3;
- 17.3 versions prior to 17.3R2-S5, 17.3R3-S6;
- 17.4 versions prior to 17.4R2-S4, 17.4R3;
- 18.1 versions prior to 18.1R3-S5;
- 18.2 versions prior to 18.2R2-S7, 18.2R3;
- 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420;
- 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3;
- 18.4 versions prior to 18.4R1-S5, 18.4R2;
- 19.1 versions prior to 19.1R1-S4, 19.1R2.
- 17.3 versions prior to 17.3R3-S8;
- 18.3 versions prior to 18.3R2-S4, 18.3R3-S1;
- 18.4 versions prior to 18.4R2-S5, 18.4R3;
- 19.1 versions prior to 19.1R2-S2, 19.1R3;
- 19.2 versions prior to 19.2R1-S5, 19.2R2;
- 19.3 versions prior to 19.3R2-S3, 19.3R3;
- 19.4 versions prior to 19.4R1-S3, 19.4R2.
- all versions prior to 19.4R2;
- 20.1 versions prior to 20.1R2.
- 15.1 versions prior to 15.1R7-S7;
- 15.1X49 versions prior to 15.1X49-D230;
- 15.1X53 versions prior to 15.1X53-D593;
- 16.1 versions prior to 16.1R7-S8;
- 17.2 versions prior to 17.2R3-S4;
- 17.3 versions prior to 17.3R3-S8;
- 17.4 versions prior to 17.4R2-S10, 17.4R3-S1;
- 18.1 versions prior to 18.1R3-S10;
- 18.2 versions prior to 18.2R2-S7, 18.2R3-S4;
- 18.2X75 versions prior to 18.2X75-D60;
- 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2;
- 18.4 versions prior to 18.4R2-S4, 18.4R3-S1;
- 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3;
- 19.2 versions prior to 19.2R1-S4, 19.2R2;
- 19.3 versions prior to 19.3R2-S2, 19.3R3;
- 19.4 versions prior to 19.4R1-S1, 19.4R2.
- 16.1 versions 16.1R7-S6 and later versions prior to 16.1R7-S8;
- 17.3 versions 17.3R2-S5, 17.3R3-S6 and later versions prior to 17.3R3-S8;
- 17.4 versions 17.4R2-S7, 17.4R3 and later versions prior to 17.4R2-S11, 17.4R3-S2;
- 18.1 versions 18.1R3-S7 and later versions prior to 18.1R3-S10;
- 18.2 versions 18.2R2-S6, 18.2R3-S2 and later versions prior to 18.2R2-S7, 18.2R3-S5;
- 18.2X75 versions 18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420 and later versions prior to 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1)
- 18.3 versions 18.3R1-S6, 18.3R2-S3, 18.3R3 and later versions prior to 18.3R2-S4, 18.3R3-S2;
- 18.4 versions 18.4R1-S5, 18.4R2-S4, 18.4R3 and later versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2);
- 19.1 versions 19.1R1-S3, 19.1R2 and later versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3-S2;
- 19.2 versions 19.2R1-S2, 19.2R2 and later versions prior to 19.2R1-S5, 19.2R2, 19.2R3;
- 19.3 versions prior to 19.3R2-S3, 19.3R3;
- 19.4 versions prior to 19.4R1-S2, 19.4R2, 19.4R3;
- 20.1 versions prior to 20.1R1-S1, 20.1R2.
- 12.3X48 versions prior to 12.3X48-D100;
- 14.1X53 versions prior to 14.1X53-D140, 14.1X53-D54;
- 15.1 versions prior to 15.1R7-S7;
- 15.1X49 versions prior to 15.1X49-D210;
- 15.1X53 versions prior to 15.1X53-D593;
- 16.1 versions prior to 16.1R7-S8;
- 17.1 versions prior to 17.1R2-S12;
- 17.2 versions prior to 17.2R3-S4;
- 17.3 versions prior to 17.3R3-S8;
- 17.4 versions prior to 17.4R2-S2, 17.4R3;
- 18.1 versions prior to 18.1R3-S2;
- 18.2 versions prior to 18.2R2, 18.2R3;
- 18.2X75 versions prior to 18.2X75-D40;
- 18.3 versions prior to 18.3R1-S2, 18.3R2.
- 17.2 versions prior to 17.2R3-S4 on MX Series;
- 17.3 versions prior to 17.3R3-S8 on MX Series;
- 17.4 versions prior to 17.4R2-S10, 17.4R3-S2 on MX Series;
- 18.1 versions prior to 18.1R3-S10 on MX Series;
- 18.2 versions prior to 18.2R3-S3 on MX Series;
- 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D65 on MX Series;
- 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1 on MX Series;
- 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3 on MX Series;
- 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on MX Series;
- 19.2 versions prior to 19.2R1-S4, 19.2R2 on MX Series;
- 19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series.
- 17.4 versions prior to 17.4R2-S11, 17.4R3-S2;
- 18.1 versions prior to 18.1R3-S10;
- 18.2 versions prior to 18.2R2-S7, 18.2R3-S5;
- 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34;
- 18.3 versions prior to 18.3R2-S4, 18.3R3-S2;
- 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1;
- 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3;
- 19.2 versions prior to 19.2R1-S5, 19.2R2;
- 19.3 versions prior to 19.3R2-S3, 19.3R3;
- 19.4 versions prior to 19.4R1-S2, 19.4R2.
- 17.2 versions prior to 17.2R3-S4 on MX Series;
- 17.3 versions prior to 17.3R3-S8 on MX Series;
- 17.4 versions prior to 17.4R2-S9, 17.4R3-S1 on MX Series;
- 18.1 versions prior to 18.1R3-S10 on MX Series;
- 18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on MX Series;
- 18.2X75 versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430 on MX Series;
- 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 on MX Series;
- 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3 on MX Series;
- 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on MX Series;
- 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series;
- 19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series.
- Juniper Networks Junos OS Evolved
- 19.4-EVO versions prior to 19.4R2-S2-EVO;
- 20.1-EVO versions prior to 20.1R2-EVO.
- Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7.
- Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO.
- Juniper Networks Junos OS on SRX Series
- 18.1 versions prior to 18.1R3-S9;
- 18.2 versions prior to 18.2R3-S3;
- 18.3 versions prior to 18.3R2-S4, 18.3R3-S1;
- 18.4 versions prior to 18.4R2-S5, 18.4R3;
- 19.1 versions prior to 19.1R2;
- 19.2 versions prior to 19.2R1-S2, 19.2R2;
- 19.3 versions prior to 19.3R2.
- Juniper Networks Junos Space and Junos Space Security Director versions prior to 20.1R1.
- Juniper Networks Junos Space versions prior to 20.1R1.
- Juniper Networks Junos Space Security Director versions prior to 20.1R1.
- Juniper Networks SRC
- 4.12.0 versions prior to 4.12.0-R4;
- 4.13.0 versions prior to 4.13.0-R2.
- Juniper Networks Junos OS on MX Series
- 17.2 versions prior to 17.2R3-S4;
- 17.2X75 versions prior to 17.2X75-D105.19;
- 17.3 versions prior to 17.3R3-S7;
- 17.4 versions prior to 17.4R1-S3, 17.4R2;
- 18.1 versions prior to 18.1R2.
- 17.2R2-S7;
- 17.3R3-S4, 17.3R3-S5;
- 17.4R2-S4 and the subsequent SRs (17.4R2-S5, 17.4R2-S6, etc.);
- 17.4R3;
- 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R3-S8;
- 18.2R3, 18.2R3-S1, 18.2R3-S2;
- 18.3R2 and the SRs based on 18.3R2;
- 18.4R2 and the SRs based on 18.4R2;
- 19.1R1 and the SRs based on 19.1R1;
- 19.2R1 and the SRs based on 19.2R1;
- 19.3R1 and the SRs based on 19.3R1.
Threats:
An attacker could exploit these vulnerabilities to do the following:
- Denial of Service (DoS) attack (remotely)
- Buffer overflow
- Bypass security restrictions
- Execute arbitrary code (remotely)
Best practice and Recommendations:
The CERT team encourages users to apply the necessary updates according to the links below:
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11035&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11033&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11034&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11031&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11032&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11027&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11028&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11026&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11025&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11024&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11023&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11030&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11041&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11040&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11039&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11038&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11037&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11036&cat=SIRT_1&actp=LIST