Juniper squeezes vulns that allow total p0wnage

NorthStar WAN SDN Controller has 28 nasties, half a dozen critical

Juniper admins using the company's NorthStar WAN SDN Controller Application, hop to it: the company's just dropped fixes to 28 security vulnerabilities.

The bugs apply to version 2.1.0 Service Pack 1 and newer versions of the application.

With such a crop available, here are the most severe bugs, some of them internal to the application, others inherited from third-party libraries.

CVE-2017-2320, with a Common Vulnerability Scoring System score of 10, is the most serious. It's a remotely exploitable denial-of-service (DoS) bug that can lead to “targeted information disclosure [or] modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management”.

CVE-2017-2321 is similar, an out-of-bounds read DoS vulnerability with information disclosure. The Gin Palace has warned this one could enable attackers to mount “man-in-the-middle attacks, file injections, and malicious execution of commands”.

In CVE-2017-2326, an attacker could take a copy of the Junos OS virtual machine “and all data it maintains”.

CVE-2017-2332 is a slip in authentication that opens the environment to complete pwnage, and CVE-2017-2334 provides a man-in-the-middle vector that would let an attacker steal admin credentials.

The two-year-old CVE-2015-3456 is inherited from QEMU: “The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.”

And that's just the six that scored high enough to rate as “critical”.

Juniper has issued fixes for all the vulnerabilities. ®



