Juniper Releases Security Updates for Multiple Products

Scheduled updates for Juniper Networks products with updated Log4j2 advisory

Threat ID:: CC-4015
Threat Severity:: Information only
Published:: 17 January 2022 1:34 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Juniper Networks products with updated Log4j2 advisory

Affected platforms

The following platforms are known to be affected:

Juniper Networks Junos OS

Juniper Networks Junos OS Evolved

Juniper Networks MX Series

Juniper Networks SRX Series

The following platforms are also known to be affected:

Multiple other platforms are affected. Please review the Juniper Networks security advisories page for more information.

Threat details

Introduction

Juniper Networks has released 36 security updates to address multiple vulnerabilities in various Juniper products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Juniper Networks also updated their out-of-cycle Log4j2 2021-12 Out of Cycle Security Advisory - Multiple Products: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. (CVE-2021-44228, CVE-2021-4104, CVE-2021-45046 and CVE-2021-42550).

Remediation advice

Organisations are encouraged to review Juniper Networks' security advisories page and apply the necessary updates.

Definitive source of threat updates

https://www.cisa.gov/uscert/ncas/current-activity/2022/01/13/juniper-networks-releases-security-updates-multiple-products

Last edited: 17 January 2022 4:43 pm