Juniper Networks has released security advisories to fix vulnerabilities on multiple products this week.
In total, Juniper released 12 security advisories on January 8 to address vulnerabilities in JunOS, Firewall and other products.
Of special note, security patches for Junos OS and Junos OS Evolved fixed multiple vulnerabilities in JDHCPD. Attackers could exploit these bugs to run OS command injection and code execution of JDHCPD.
To add, two of the JDHCPD vulnerabilities (CVE-2020-1605 and CVE-2020-1609) are rated High severity. The other bug CVE-2020-1602 is rated Medium.
In another security bulletin, Juniper fixed two Critical Contrail Networking vulnerabilities as part of release R1912. An attacker could exploit one of those vulnerabilities CVE-2019-19919 and execute arbitrary code through crafted payloads. The other bug is related to a Polymorphic Typing issue.
Juniper also fixed a JunOS vulnerability (CVE-2020-1604) in EX4300/EX4600/QFX3500/QFX5100 Series firewalls. The company said the stateless IP firewall filter may fail to evaluate certain packets.
Network administrators should review all applicable advisories and apply the necessary updates as soon as possible.