- 115/2024
- High
- April 15, 2024
- 2:10 pm
Juniper has released security updates to fix several vulnerabilities affecting multiple Juniper products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, manipulate files, conduct cross-site scripting attacks, perform denial of service attacks, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Juniper Networks Paragon Active Assurance Information Disclosure (CVE- 2024-30381):
- CVSS: 8.4
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Obtain Information
2. Juniper Networks Junos OS and Junos OS Evolved Denial of Service (CVE-2024- 21598):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.