Critical Juniper Routers and Switches Vulnerability

What is it?

Last week, Juniper warned its customers about a vulnerability (CVE-2016-3074) that can allow attackers to remotely execute code on machines running certain versions of the Junos OS. The affected versions are 12.1X46, 12.3X48, 15.1X49, 14.2, 15.1, 15.1X53, 16.1, 16.2.

The vulnerability exists in libgd, an open-source image library that is bundled with PHP versions 4.3 and up. Attackers can exploit an integer signedness error in libgd 2.1.1 to cause a denial of service or execute arbitrary code.

Prevention
Updates have been released that resolve the issue, but there are also a few workarounds. These workarounds include disabling J-Web and XNM-SSL and discontinuing the use of Netconf and PyEZ with PHP.

In addition to the previously mentioned recommendations, the Juniper Security Advisory also said it is a best practice to lessen the attack surface of networking equipment and to use firewalls and access lists to limit access to the devices.

Sources:
https://threatpost.com/juniper-issues-security-alert-tied-to-routers-and-switches/127373/
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10798&cat=SIRT_1&actp=LIST

Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community we need to know your concerns and questions about (for example) proper safeguards for technology you’re looking into or what sets of compliance and governance policies would you need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity. Mail us at: uhwocscc@hawaii.edu