Vulnérabilités affectant plusieurs produits de Juniper

Titre	Vulnérabilités affectant plusieurs produits de Juniper
Numéro de Référence	Numéro de Référence 50141110/24
Date de publication	Date de publication 11 octobre 2024
Niveau de Risque	Niveau de Risque Important
Niveau d'Impact	Niveau d'Impact Important

Systèmes affectés:

 Plusieurs versions de Junos OS Evolved. Veuillez se référer aux bulletins de sécurité de
l’éditeur pour trouver les versions vulnérables
 Junos Space versions antérieures à 24.1R1 Patch v2
 Plusieurs versions de Junos OS. Veuillez se référer aux bulletins de sécurité de
l’éditeur pour trouver les versions vulnérables

Identificateurs externes:

CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-1247 CVE-2016-4450
CVE-2017-20005 CVE-2017-7529 CVE-2018-16845 CVE-2019-20372 CVE-2021-23017
CVE-2021-3618 CVE-2022-41741 CVE-2022-41742 CVE-2023-0567 CVE-2023-0568
CVE-2023-0662 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067
CVE-2023-3823 CVE-2023-3824 CVE-2023-44487 CVE-2023-51385 CVE-2024-2511
CVE-2024-39515 CVE-2024-39516 CVE-2024-39525 CVE-2024-39526 CVE-2024-39527
CVE-2024-39534 CVE-2024-39544 CVE-2024-39547 CVE-2024-39563 CVE-2024-4741
CVE-2024-47489 CVE-2024-47490 CVE-2024-47491 CVE-2024-47493 CVE-2024-47494
CVE-2024-47495 CVE-2024-47496 CVE-2024-47497 CVE-2024-47498 CVE-2024-47499
CVE-2024-47501 CVE-2024-47502 CVE-2024-47503 CVE-2024-47504 CVE-2024-47506
CVE-2024-47507

Bilan de la vulnérabilité:

Juniper annonce la correction de plusieurs vulnérabilités affectant plusieurs versions de ses produits susmentionnés. Un attaquant distant pourrait exploiter ces vulnérabilités pour exécuter du code arbitraire, élever ses privilèges, contourner des mesures de sécurité, accéder à des données confidentielles ou causer un déni de service.

Solution:

Veuillez se référer aux bulletins de sécurité de Juniper afin d’installer les nouvelles mises à jour.

Risque:

 Déni de service
 Exécution de code arbitraire
 Elévation de privilèges
 Accès à des données confidentielles
 Contournement de mesures de sécurité

Référence:

Bulletins de sécurité juniper:
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Due-to-arace-condition-AgentD-process-causes-a-memory-corruption-and-FPC-reset-CVE-2024-
47494
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-EvolvedACX-7000-Series-Receipt-of-specific-transit-MPLS-packets-causes-resources-to-beexhausted-CVE-2024-47490
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-EvolvedACX-Series-Receipt-of-specific-transit-protocol-packets-is-incorrectly-processed-by-theRE-CVE-2024-47489
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-EvolvedConnections-to-the-network-and-broadcast-address-accepted-CVE-2024-39534
Direction Générale de la Sécurité des Systèmes d’Information,
Centre de Veille de Détection et de Réaction aux Attaques
Informatiques
Tél : 05 37 57 21 47 – Fax : 05 37 57 20 53
Email : contact@macert.gov.ma
المديرية العامة ألمن نظم المعلىمات ,مديرية تدبير مركز اليقظة والرصد
والتصدي للهجمات المعلىماتية
هاتف: 74 12 74 74 57 – فاكس: 77 15 74 74 57
contact@macert.gov.ma اإللكتروني البريد
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-In-adual-RE-scenario-a-locally-authenticated-attacker-with-shell-privileges-can-take-over-thedevice-CVE-2024-47495
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-EvolvedLow-privileged-local-user-able-to-view-NETCONF-traceoptions-files-CVE-2024-39544
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-EvolvedMultiple-vulnerabilities-resolved-in-c-ares-1-18-1
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-EvolvedQFX5000-Series-Configured-MAC-learning-and-move-limits-are-not-in-effect-CVE-2024-
47498
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-EvolvedSpecific-low-privileged-CLI-commands-and-SNMP-GET-requests-can-trigger-a-resourceleak
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-EvolvedTCP-session-state-is-not-always-cleared-on-the-Routing-Engine-CVE-2024-47502
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-J-WebMultiple-vulnerabilities-resolved-in-PHP-software
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX-SeriesThe-PFE-will-crash-on-running-specific-command-CVE-2024-47496
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX304-MXwith-MPC10-11-LC9600-and-EX9200-with-EX9200-15C-In-a-VPLS-or-Junos-Fusionscenario-specific-show-commands-cause-an-FPC-crash-CVE-2024-47501
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiplevulnerabilities-in-OSS-component-nginx-resolved
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiplevulnerabilities-resolved-in-OpenSSL
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-SeriesA-large-amount-of-traffic-being-processed-by-ATP-Cloud-can-lead-to-a-PFE-crash-CVE2024-47506
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-SeriesLow-privileged-user-able-to-access-sensitive-information-on-file-system-CVE-2024-39527
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-SeriesQFX-Series-MX-Series-and-EX-Series-Receiving-specific-HTTPS-traffic-causes-resource-
Direction Générale de la Sécurité des Systèmes d’Information,
Centre de Veille de Détection et de Réaction aux Attaques
Informatiques
Tél : 05 37 57 21 47 – Fax : 05 37 57 20 53
Email : contact@macert.gov.ma
المديرية العامة ألمن نظم المعلىمات ,مديرية تدبير مركز اليقظة والرصد
والتصدي للهجمات المعلىماتية
هاتف: 74 12 74 74 57 – فاكس: 77 15 74 74 57
contact@macert.gov.ma اإللكتروني البريد
exhaustion-CVE-2024-47497
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX4600-
and-SRX5000-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2024-
47503
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5000-
Series-Receipt-of-a-specific-malformed-packet-will-cause-a-flowd-crash-CVE-2024-47504
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5KSRX4600-and-MX-Series-Trio-based-FPCs-Continuous-physical-interface-flaps-causeslocal-FPC-to-crash-CVE-2024-47493
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-JunosOS-Evolved-BGP-update-message-containing-aggregator-attribute-with-an-ASN-value-ofzero-0-is-accepted-CVE-2024-47507
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-JunosOS-Evolved-In-a-BMP-scenario-receipt-of-a-malformed-AS-PATH-attribute-can-cause-anRPD-core-CVE-2024-47499
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-JunosOS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-BGPpacket-causes-RPD-crash-when-segment-routing-is-enabled-CVE-2024-39516
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-JunosOS-Evolved-MX-Series-with-MPC10-MPC11-LC9600-MX304-EX9200-PTX-SeriesReceipt-of-malformed-DHCP-packets-causes-interfaces-to-stop-processing-packets-CVE2024-39526
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-JunosOS-Evolved-Receipt-of-a-specific-malformed-BGP-path-attribute-leads-to-an-RPD-crashCVE-2024-47491
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-JunosOS-Evolved-When-BGP-nexthop-traceoptions-is-enabled-receipt-of-specially-crafted-BGPpacket-causes-RPD-crash-CVE-2024-39525
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-JunosOS-Evolved-With-BGP-traceoptions-enabled-receipt-of-specially-crafted-BGP-updatecauses-RPD-crash-CVE-2024-39515
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-JunosOS-Evolved-cRPD-Receipt-of-crafted-TCP-traffic-can-trigger-high-CPU-utilization-CVE2024-39547
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-OS-
Direction Générale de la Sécurité des Systèmes d’Information,
Centre de Veille de Détection et de Réaction aux Attaques
Informatiques
Tél : 05 37 57 21 47 – Fax : 05 37 57 20 53
Email : contact@macert.gov.ma
المديرية العامة ألمن نظم المعلىمات ,مديرية تدبير مركز اليقظة والرصد
والتصدي للهجمات المعلىماتية
هاتف: 74 12 74 74 57 – فاكس: 77 15 74 74 57
contact@macert.gov.ma اإللكتروني البريد
command-injection-vulnerability-in-OpenSSH-CVE-2023-51385
 https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-RemoteCommand-Execution-RCE-vulnerability-in-web-application-CVE-2024-3956

Brochure:

Vulnérabilités affectant plusieurs produits de Juniper.pdf