Juniper Junos OS 多個漏洞

影響

• 阻斷服務
• 繞過保安限制
• 權限提升
• 遠端執行程式碼
• 仿冒
• 繞過保安限制

受影響之系統或技術

Juniper Networks Junos OS

• All versions prior to 19.3R3-S7;
• All versions prior to 19.1R3-S10;
• 19.2 versions prior to 19.2R3-S7;
• 19.3 versions prior to 19.3R3-S8;
• 19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9, 19.4R3-S10, 19.4R3-S11;
• 20.1 versions prior to 20.1R3-S4;
• 20.1 version 20.1R1, 20.1R2 and later versions;
• 20.2 versions prior to 20.2R3-S6, 20.2R3-S7;
• 20.3 versions prior to 20.3R3-S5, 20.3R3-S6;
• 20.4 versions prior to 20.4R3-S5, 20.4R3-S6, 20.4R3-S7;
• 21.1 versions prior to 21.2R3-S2, 21.1R3-S4;
• 21.2 versions prior to 21.2R3-S2, 21.2R3-S3, 21.2R3-S5;
• 21.3 versions prior to 21.3R3-S2, 21.3R3-S4;
• 21.4 versions prior to 21.4R3, 21.4R3-S4;
• 22.1 versions prior to 22.1R1-S2, 22.1R2, 22.1R3;
• 22.2 versions prior to 22.2R2-S1, 22.2R2, 22.2R3;
• 22.3 versions prior to 22.3R2.

Juniper Networks Junos OS Evolved

• All versions prior to 20.4R3-S6-EVO;
• All versions prior to 20.4R3-S7-EVO;
• All versions prior to 21.2R3-S5-EVO;
• All versions prior to 23.2R;
• 21.1 versions;
• 21.2 versions;
• 21.3 versions;
• 21.3 versions prior to 21.3R3-S1-EVO, 21.3R3-S4-EVO;
• 21.4 versions prior to 21.4R3-EVO, 21.4R3-S2-EVO, 21.4R3-S4-EVO;
• 22.1 versions prior to 22.1R3-EVO, 22.1R3-S3-EVO;
• 22.2 versions prior to 22.2R2-S1-EVO, 22.2R2-EVO, 22.2R3-EVO;
• 22.3 versions prior to 22.3R2-EVO;
• 22.4 versions prior to 22.4R2-EVO.

Juniper Networks Junos OS on MX Series

• All versions prior to 19.1R3-S10;
• 19.2 versions prior to 19.2R3-S7;
• 19.3 versions prior to 19.3R3-S8;
• 19.4 versions prior to 19.4R3-S12;
• 20.1 version 20.1R1 and later versions;
• 20.2 versions prior to 20.2R3-S7, 20.2R3-S8;
• 20.3 version 20.3R1 and later versions;
• 20.4 versions prior to 20.4R3-S7;
• 21.1 versions prior to 21.1R3-S5;
• 21.2 versions prior to 21.2R3-S5;
• 21.3 versions prior to 21.3R3-S4;
• 21.4 versions prior to 21.4R3-S3, 21.4R3-S4;
• 22.1 versions prior to 22.1R3-S2, 22.1R3-S3;
• 22.2 versions prior to 22.2R3, 22.2R3-S1;
• 22.3 versions prior to 22.3R2, 22.3R2-S1, 22.3R3;
• 22.4 versions prior to 22.4R1-S2, 22.4R2.

Juniper Networks Junos OS on SRX Series

• All versions prior to 20.2R3-S7;
• 20.3 version 20.3R1 and later versions;
• 20.4 versions prior to 20.4R3-S6;
• 21.1 versions prior to 21.1R3-S5;
• 21.2 versions prior to 21.2R3-S4;
• 21.3 versions prior to 21.3R3-S4;
• 21.4 versions prior to 21.4R3-S3;
• 22.1 versions prior to 22.1R3-S1;
• 22.2 versions prior to 22.2R3;
• 22.3 versions prior to 22.3R2-S1, 22.3R2, 22.3R3;
• 22.4 versions prior to 22.4R1-S2, 22.4R2;
• 22.2 versions prior to 22.4R1-S1, 22.4R2, 22.2R3;
• 22.3 versions prior to 22.3R2-S1, 22.3R3;
• 22.4 versions prior to 22.4R1-S2, 22.4R2.

Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series

• 20.1 version 20.1R1 and later versions;
• 20.2 versions prior to 20.2R3-S7;
• 20.3 version 20.3R1 and later versions;
• 20.4 versions prior to 20.4R3-S7;
• 21.1 versions prior to 21.1R3-S5;
• 21.2 versions prior to 21.2R3-S3;
• 21.3 versions prior to 21.3R3-S3;
• 21.4 versions prior to 21.4R3-S1;
• 22.1 versions prior to 22.1R3;
• 22.2 versions prior to 22.2R2;
• 22.3 versions prior to 22.3R1-S1, 22.3R2.

Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202

• 21.2 version 21.2R1-EVO and later versions;
• 21.3 version 21.3R1-EVO and later versions;
• 21.4 versions prior to 21.4R3-S3-EVO;
• 22.1 version 22.1R1-EVO and later versions;
• 22.2 versions prior to 22.2R3-S2-EVO;
• 22.3 versions prior to 22.3R3-EVO;
• 22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.

Juniper Networks Junos OS on QFX10000

• 20.3 version 20.3R1 and later versions;
• 20.4 versions prior to 20.4R3-S5;
• 21.1 versions prior to 21.1R3-S5;
• 21.2 versions prior to 21.2R3-S5;
• 21.3 versions prior to 21.3R3-S4;
• 21.4 versions prior to 21.4R3-S1;
• 22.1 versions prior to 22.1R3;
• 22.2 versions prior to 22.2R2;
• 22.3 versions prior to 22.3R1-S2, 22.3R2.

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝供應商提供的修補程式，詳情請參閱以下連結：

• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-Evolved-Multiple-NTP-vulnerabilities-resolved?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-have-been-resolved-in-MQTT?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-SRX-4600-and-SRX-5000-Series-The-receipt-of-specific-genuine-packets-by-SRXes-configured-for-L2-transparency-will-cause-a-DoS-CVE-2023-36834?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-Evolved-PTX10001-36MR-and-PTX10004-PTX10008-PTX10016-with-LC1201-1202-The-aftman-bt-process-will-crash-in-a-MoFRR-scenario-CVE-2023-36833?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-crash-occurs-when-a-specific-L2VPN-command-is-run-CVE-2023-36840?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-MX-Series-An-MPC-will-crash-upon-receipt-of-a-malformed-CFM-packet-CVE-2023-36850?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-The-FPC-will-crash-on-receiving-a-malformed-CFM-packet-CVE-2023-36848?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-MoFRR-scenario-an-rpd-core-may-be-observed-when-a-low-privileged-CLI-command-is-executed-CVE-2023-36836?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-SRX-Series-jbuf-memory-leak-when-SSL-Proxy-and-UTM-Web-Filtering-is-applied-CVE-2023-36831?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-SRX-Series-A-flowd-core-occurs-when-running-a-low-privileged-CLI-command-CVE-2023-36838?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-l2cpd-will-crash-when-a-malformed-LLDP-packet-is-received-CVE-2023-36849?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-MX-Series-PFE-crash-upon-receipt-of-specific-packet-destined-to-an-AMS-interface-CVE-2023-36832?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-QFX10000-Series-All-traffic-will-be-dropped-after-a-specific-valid-IP-packet-has-been-received-which-needs-to-be-routed-over-a-VXLAN-tunnel-CVE-2023-36835?language=en_US
• https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-J-Web-Multiple-Vulnerabilities-in-PHP-software?language=en_US

漏洞識別碼

• CVE-2020-13817
• CVE-2020-13817
• CVE-2017-7653
• CVE-2017-7654
• CVE-2017-7655
• CVE-2023-36834
• CVE-2023-36833
• CVE-2023-36840
• CVE-2023-36850
• CVE-2023-36836
• CVE-2023-36831
• CVE-2023-36838
• CVE-2023-36832
• CVE-2023-36835
• CVE-2022-31629
• CVE-2022-31628
• CVE-2022-31627
• CVE-2022-31626
• CVE-2022-31625
• CVE-2021-21708
• CVE-2021-21707
• CVE-2021-21705
• CVE-2021-21704
• CVE-2021-21703
• CVE-2021-21702
• CVE-2021-21701

資料來源

• Juniper Network

相關連結

• https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=relevancy&f:ctype=[Security%20Advisories]&f:level1=[OS]