Number: AV16-167
Date: 19 October 2016
Purpose
The purpose of this advisory is to bring attention to multiple Juniper system security updates.
Assessment
Juniper has released security updates to address multiple vulnerabilities in Juniper products. The exploitation of these vulnerabilities could result in the remote execution of arbitrary code, denial of service, affect the integrity of files and folders.
Impacted products:
- Juniper Juno OS
- vMX (Virtual MX Series router)
- JUNOSe with IPv6 enabled
- Junos OS with J-Web enabled
- Junos OS with IPv6 enabled
- CTPView prior to 7.1R3, 7.3R1
- Junos Space before 15.2R2
CVE Numbers:
CVE-2013-0169, CVE-2016-4926, CVE-2016-4927, CVE-2016-4928, CVE-2016-4929, CVE-2016-4930, CVE-2016-4931, CVE-2011-0997, CVE-2011-2748, CVE-2011-2749, CVE-2012-3571, CVE-2013-0791, CVE-2013-1620, CVE-2013-1739, CVE-2013-1741, CVE-2013-2596, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1545, CVE-2014-1568, CVE-2015-1794, CVE-2015-2151, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-5364, CVE-2015-5366, CVE-2016-4921, CVE-2016-4923, CVE-2016-4925, CVE-2016-4924, CVE-2016-4922
Suggested Action
CCIRC recommends that owner/operators test and deploy the vendor released updates or workarounds to affected platforms accordingly.
References:
Juniper Security Bulletins
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10763&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10766&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10767&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10764&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10762&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760&cat=SIRT_1&actp=LIST