3 critical vulnerabilities in Juniper firewalls and devices can fully compromise your networks

Cybersecurity specialists report finding three vulnerabilities in Junos OS, the operating system used in the network products of the technology company Juniper Networks. According to the report, flaws could trigger denial of service (DoS) attacks, among other malicious scenarios.

Below are brief reports of the vulnerabilities found in addition to their respective tracking keys and scores as per to the Common Vulnerability Scoring System (CVSS).

CVE-2020–1661: Insufficient validation of user-provided input in the jdhcp process would allow remote hackers to send specially designed DHCP packets and deploy denial-of-service (DoS) attacks.

This is an average security flaw that received a score of 4.6/10.

CVE-2020–1669: This flaw exists because the Juniper Device Manager (JDM) container stores password hashes in the /etc/passwd read file. A local user could deploy a brute force attack to decrypt protected passwords on the system.

The flaw received a score of 4.1/10 on the CVSS scale.

CVE-2020–1667: This vulnerability exists due to a race condition when DNS filtering is enabled with one of the following MS-PIC, MS-MIC, or MS-MPC cards. This could be abused by a remote threat actor to exploit the race, cause a DoS condition, and escalate privileges on the system.

This is a high severity flaw that received a score of 7.1/10.

Vulnerabilities reside in the following versions of Juniper Junos OS: 12.3, 12.3R10, 12.3R11, 12.3R12, 12.3R12-S1, 12.3R12-S2, 12.3R12-S3, 12.3R12-S4, 12.3R12-S5, 12.3R12-S6, 12.3R12-S7, 12.3R12-S8, 12.3R12-S9, 12.3R12-S10, 12.3R12-S12, 12.3R12-S13, 12.3R12-S14, 12.3R12-S15, 12.3×48, 12.3X48–85, 12.3X48-D10, 12.3X48-D15, 12.3X48-D20, 12.3X48-D25, 12.3X48-D30, 12.3X48-D35, 12.3X48-D40, 12.3X48-D45, 12.3X48-D50, 12.3X48-D51, 12.3X48-D55, 12.3X48-D60, 12.3X48-D61, 12.3X48-D65, 12.3X48-D66, 12.3X48-D70, 12.3X48-D75, 12.3X48-D76, 12.3X48-D77, 12.3X48-D80, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 12.3X48-D100, 12.3X48-D101, 14.1×53, 14.1X53-D15, 14.1X53-D16, 14.1X53-D25, 14.1X53-D26, 14.1X53-D27, 14.1X53-D30, 14.1X53-D35, 14.1X53-D40, 14.1X53-D42, 14.1X53-D43, 14.1X53-D44, 14.1X53-D45, 14.1X53-D46, 14.1X53-D47, 14.1X53-D48, 14.1X53-D49, 14.1X53-D50, 14.1X53-D51, 15.1R, 15.1R1, 15.1R2, 15.1R3, 15.1R4, 15.1R4-S1, 15.1R4-S2, 15.1R4-S3, 15.1R4-S4, 15.1R4-S5, 15.1R4-S6, 15.1R4-S7, 15.1R4-S8, 15.1R4-S9, 15.1R5, 15.1R5-S4, 15.1R5-S5, 15.1R5-S7, 15.1R5-S51, 15.1R5-S52, 15.1R5-S53, 15.1R5-S54, 15.1R5-S55, 15.1R5-S56, 15.1R5-S57, 15.1R6, 15.1R6-S1, 15.1R6-S2, 15.1R6-S3, 15.1R6-S4, 15.1R6-S5, 15.1R6-S6, 15.1R7, 15.1R7-S2, 15.1R7-S3, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49, 15.1X49-D10, 15.1X49-D20, 15.1X49-D30, 15.1X49-D35, 15.1X49-D40, 15.1X49-D45, 15.1X49-D50, 15.1X49-D60, 15.1X49-D65, 15.1X49-D70, 15.1X49-D75, 15.1X49-D80, 15.1X49-D90, 15.1X49-D100, 15.1X49-D101, 15.1X49-D110, 15.1X49-D120, 15.1X49-D130, 15.1X49-D131, 15.1X49-D140, 15.1X49-D150, 15.1X49-D160, 15.1X49-D161, 15.1X49-D170, 15.1X49-D171, 15.1X49-D180, 15.1×49-D181, 15.1×49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X49-D211, 15.1X49-D220, 15.1X53, 15.1X53-D10, 15.1X53-D20, 15.1X53-D21, 15.1X53-D30, 15.1X53-D32, 15.1X53-D33, 15.1X53-D34, 15.1X53-D40, 15.1X53-D45, 15.1X53-D47, 15.1X53-D48, 15.1X53-D50, 15.1X53-D51, 15.1X53-D52, 15.1X53-D55, 15.1X53-D57, 15.1X53-D58, 15.1X53-D59, 15.1X53-D60, 15.1X53-D61, 15.1X53-D62, 15.1X53-D63, 15.1X53-D64, 15.1X53-D65, 15.1X53-D66, 15.1X53-D67, 15.1X53-D68, 15.1X53-D69, 15.1X53-D70, 15.1X53-D113, 15.1X53-D210, 15.1X53-D230, 15.1X53-D231, 15.1X53-D232, 15.1X53-D233, 15.1X53-D234, 15.1X53-D235, 15.1X53-D236, 15.1X53-D237, 15.1X53-D238, 15.1X53-D470, 15.1X53-D471, 15.1X53-D472, 15.1X53-D490, 15.1X53-D495, 15.1X53-D496, 15.1X53-D497, 15.1X53-D590, 15.1X53-D591, 15.1X53-D592, 16.1R, 16.1R1, 16.1R2, 16.1R3, 16.1R3-S1, 16.1R3-S2, 16.1R3-S3, 16.1R3-S4, 16.1R3-S5, 16.1R3-S6, 16.1R3-S7, 16.1R3-S8, 16.1R3-S10, 16.1R3-S11, 16.1R4, 16.1R4-S3, 16.1R4-S6, 16.1R4-S8, 16.1R4-S9, 16.1R4-S12, 16.1R4-S13, 16.1R5, 16.1R5-S3, 16.1R5-S4, 16.1R6, 16.1R6-S2, 16.1R6-S3, 16.1R6-S4, 16.1R6-S6, 16.1R7, 16.1R7-S1, 16.1R7-S2, 16.1R7-S3, 16.1R7-S4.

While these flaws could be exploited by unauthenticated remote threat actors, experts do not yet detect exploit attempts in real-world scenarios. Vulnerabilities have already been fixed by Juniper Networks, so users should only verify their correct installation.

Originally published at https://www.securitynewspaper.com on October 15, 2020.