WARNING: JUNIPER NETWORKS PATCHED 126 VULNERABILITIES, INCLUDING 3 CRITICAL, IN THEIR JUNIPER SECURE ANALYTICS SOFTWARE, PATCH IMMEDIATELY!

Published: 20/06/2024

Reference:
Advisory #2024-92

Version:
1.0

Affected software:
All versions of Juniper Networks Juniper Secure Analytics prior to 7.5.0 UP8 and 7.5.0 UP8 IF02

Type:
Use after free, Out-of-bounds Read, Improper access control

CVE/CVSS:
CVE-2023-5178: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2019-15505: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-25775: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
+ 123 other vulnerabilities

Sources

Juniper Networks - https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03?language=en_US

Risks

Juniper Networks just released v7.5.0 UP8 IF03 for its Juniper Secure Analytics appliances. Juniper Secure Analytics is a security information and event management (SIEM) system, and to function as one it has access to a lot of sensitive data. It is therefore crucial to keep this system up to date.

This update fixes 126 vulnerabilities, of which 3 are rated as critical. Successfully exploiting one or more of these vulnerabilities could lead to remote code execution on this SIEM, granting attackers access to the system and all of the resources it is able to access.

Description

Most of the 126 vulnerabilities patched in v7.5.0 UP8 IF03 are vulnerabilities in the underlying Linux environment of the Juniper Secure Analytics appliance or in dependencies used by the SIEM to perform its tasks.

Some of those vulnerabilities are also quite old, so the likelihood that exploits are available for them is a lot higher. This makes exploitation more likely and a lot easier for attackers.

Recommended Actions

Patch

Update your Juniper Secure Analytics appliance to version 7.5.0 UP8 IF03.

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

CVE-2023-5178 - https://nvd.nist.gov/vuln/detail/CVE-2023-5178

CVE-2019-15505 - https://nvd.nist.gov/vuln/detail/CVE-2019-15505

CVE-2023-25775 - https://nvd.nist.gov/vuln/detail/CVE-2023-25775