6.6 C
London
Friday, September 22, 2017
Home Tags JunOS

Tag: JunOS

Juniper warned Thursday of a high-risk bug in the GD graphics library used in several versions of its Junos OS.
CVE CVSS base score Summary CVE-2016-1762 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) The xmlNextChar function in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. CVE-2016-444...
2017-01 Security Bulletin: Junos: SRX Series denial of service vulnerability in flowd due to crafted multicast packets (CVE-2017-2300)Product Affected:This issue affects any SRX Series Services Gateway chassis cluster Problem:The flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets.  Upon the flowd crash, data plane redundancy groups will fail over to the secondary node in the chassis cluster while flowd on the primary node restarts.This issue only occurs in chassis cluster configurations that process transit multicast traffic.  Transit multicast traffic is processed on an SRX services gateway by enabling PIM in normal Flow Mode, or via security policies permitting transit multicast traffic in L2/Transparent Mode.Juniper SIRT is not aware of any malicious exploitation of this vulnerability.No other Juniper Networks products or platforms are affected by this issue.This issue has been assigned CVE-2017-2300. Solution:The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D65, 12.3X48-D40, 15.1X49-D60, and all subsequent releases.This issue is being tracked as PR 1188853 and is visible on the Customer Support website.KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies. Workaround:Disallow transit multicast traffic, or isolate/disable the secondary node of the chassis cluster until an upgrade can be performed. For SRXs running in Transparent Mode, any security policies permitting transit multicast traffic should be disabled (default policy is deny-all). For SRXs running in normal Flow Mode, transit multicast traffic can also be stopped by disabling PIM protocol. Implementation:How to obtain fixed software:Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version.
In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame.

For these cases, Service Releases are made available in order to be more timely.
Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release.

Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.Modification History: 2017-01-11: Initial publication2017-01-18: Devices with security policies permitting transit multicast traffic in Transparent Mode are also vulnerable Related Links:CVSS Score:6.5 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Risk Level:Medium Risk Assessment:Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
2017-01 Security Bulletin: Junos: Denial of Service vulnerability in RPD (CVE-2017-2302)Product Affected:This issue can affect any product or platform running Junos OS. Problem: On Junos OS devices where the BGP add-path feature is enabled with 'send' ...
2017-01 Security Bulletin: Junos: RPD crash while processing RIP advertisements (CVE-2017-2303)Product Affected:This issue can affect any product or platform running Junos OS where RIP is enabled. Problem: Certain RIP advertisements received by the rou...
2017-01 Security Bulletin: QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600: 'Etherleak' memory disclosure in Ethernet padding data (CVE-2017-2304)Product Affected:This issue affects QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices. Problem: QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets.

This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. This issue has been assigned CVE-2017-2304. Solution: The following software releases have been updated to resolve this specific issue: Junos OS 14.1X53-D40, 15.1X53-D40, 15.1R2  and all subsequent releases. This issue is being tracked as PR 1063645 and is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies. Workaround: There are no known workarounds to prevent the information leak in Ethernet packets. It is a good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the QFX device only from trusted, administrative networks or hosts. Implementation: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version.
In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame.

For these cases, Service Releases are made available in order to be more timely.
Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release.

Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request. Modification History: 2017-01-11: Initial release. Related Links:CVSS Score:4.3 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) Risk Level:Low Risk Assessment:Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Turn it off and turn it back on again. No, really Juniper is warning users of its SRX firewalls that a borked upgrade leaves a root-level account open to the world. Any users who issued the "request system software" command with the "partition" option are affected by the bug. In its first advisory for 2017, the Gin Palace explains the failed upgrade “can leave the system in a state where root CLI login is allowed without a password”.
It applies to any system upgraded from Junos OS prior to 12.1X46-D65. When the upgrade failed, the system reverted to a “safe mode” designed to make sure a sysadmin can get into the system to fix it – but in that mode, the only login available is root without a password. Other previously-valid authentication credentials are wiped. You may want to take a deep breath before reading the next bit: “Upgrading from an affected release to a fixed release will not resolve this issue.” The good news: “the symptoms are immediately obvious after an affected upgrade and may be remediated by rebooting the device post-upgrade”. In other words, try turning it off, and turning it back on again. ® Sponsored: Want to know more about Privileged Access Management? Visit The Register's hub
2016-10 Security Bulletin: Junos J-Web: Cross Site Scripting Vulnerability (CVE-2016-4923)Product Affected:This issue can affect any product or platform running Junos OS with J-Web enabled. Problem:Insufficient cross site scripting protection in J-Web ...
Product Affected:vMX (Virtual MX Series router)Problem: An incorrect permissions vulnerability in vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2016-4924. Solution:This issue has been resolved in vMX 14.1R8, 15.1F6, 16.1 and all subsequent releases.This issue is being tracked as PR 1129051 and is visible on the Customer Support website. Workaround:Limit access to only trusted users on the host machine where vMX is deployed. Implementation:How to obtain fixed software:Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version.
In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame.

For these cases, Service Releases are made available in order to be more timely.
Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release.

Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.Modification History: 2016-10-12: Initial publication Related Links:CVSS Score:8.4 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) Risk Level:High Acknowledgements:
2016-10 Security Bulletin: Junos: Multiple privilege escalation vulnerabilities in Junos CLI (CVE-2016-4922)Product Affected:These issues can affect any product or platform running Junos OS. Problem:Certain combinations of Junos OS CLI commands and arg...
2016-10 Security Bulletin: Junos: IPv6 denial of service vulnerability due to resource exhaustion (CVE-2016-4921)Product Affected:This issue can affect any product or platform running Junos OS with IPv6 enabled. Problem:By flooding a router with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic.  In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic.  The issue is triggered by traffic destined to the router.  Transit traffic does not trigger the vulnerability.This issue only affects devices with IPv6 enabled and configured.

Devices not configured to process IPv6 traffic are unaffected by this vulnerability.This issue was found during internal product security testing.Juniper SIRT is not aware of any malicious exploitation of this vulnerability.This issue has been assigned CVE-2016-4921. Solution:The kernel panic (PR 1017099) has been addressed in Junos OS 11.4R13, 12.1X44-D45, 12.1X46-D30, 12.1X47-D20, 12.3R9, 13.3R5, and all software releases listed below.  However, a more complete IPv6 resource management improvement (PR 1037225) has addressed these resource exhaustion issues in the following software releases: 12.3X48-D30, 13.3R10*, 14.1R8, 14.1X53-D40, 14.2R6, 15.1F2-S5, 15.1F5-S2, 15.1F6, 15.1R3, 15.1X49-D40, 15.1X53-D70, 16.1R1, and all subsequent releases.The two fixes for this issue are being tracked as PRs 1037225 and 1017099 which are visible on the Customer Support website.KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.*Available end of Q4/2016. Workaround:Limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the router via IPv6 only from trusted, administrative networks or hosts. Implementation:How to obtain fixed software:Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version.
In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame.

For these cases, Service Releases are made available in order to be more timely.
Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release.

Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.Modification History: 2016-10-12: Initial publication Related Links:CVSS Score:7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Risk Level:High Risk Assessment:Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." Acknowledgements:
The ​OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in December 2015, March, May, June, August and September 2016.

The following is a summary of these vulnerabilities and their status with respect to Juniper products: CVE OpenSSL Severity Rating Summary CVE-2016-6309 Critical statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. CVE-2016-0701 High The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file. CVE-2016-0703 High The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. CVE-2016-0800 High The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. CVE-2016-2107 High The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session, NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. CVE-2016-2108 High The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. CVE-2016-6304 High Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. CVE-2015-3193 Moderate The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. CVE-2015-3194 Moderate crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. CVE-2015-3195 Moderate The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. CVE-2016-0704 Moderate An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. CVE-2016-6305 Moderate The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. CVE-2016-7052 Moderate crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. CVE-2015-1794 Low The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message. CVE-2015-3196 Low ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. CVE-2015-3197 Low ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. CVE-2016-0702 Low The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. CVE-2016-0705 Low Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. CVE-2016-0797 Low Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. CVE-2016-0798 Low Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. CVE-2016-0799 Low The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. CVE-2016-2105 Low Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. CVE-2016-2106 Low Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. CVE-2016-2109 Low The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. CVE-2016-2176 Low The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. CVE-2016-2182 Low The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2016-6303 Low Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2016-2179 Low The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. CVE-2016-2180 Low The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. CVE-2016-2181 Low The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. CVE-2016-6302 Low The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. CVE-2016-2177 Low OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. CVE-2016-2178 Low The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. CVE-2016-6306 Low The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. CVE-2016-6307 Low The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. CVE-2016-6308 Low statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. CVE-2016-2176 is a vulnerability that only affects EBCDIC systems. No Juniper products are affected by this vulnerability. Affected Products: Junos OS: Junos OS is potentially affected by many of these issues. Junos OS is not affected by CVE-2016-0701, CVE-2016-0800, CVE-2016-2107, CVE-2016-2176, CVE-2016-2179, CVE-2016-2181, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052. ScreenOS: ScreenOS is potentially affected by many of these issues.
ScreenOS is not affected by CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3196, CVE-2015-3197, CVE-2016-0701, CVE-2016-2107, CVE-2016-2109, CVE-2016-2179, CVE-2016-2181, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052. Junos Space: Junos Space is potentially affected by many of these issues. Junos Space is not affected by CVE-2015-1794, CVE-2016-0705, CVE-2016-0798, CVE-2016-2176, CVE-2015-3193, CVE-2015-3196, CVE-2016-0701, CVE-2016-2107, CVE-2016-6305, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052. NSM: NSM is potentially affected by many of these issues. NSM is not affected by CVE-2015-1794, CVE-2016-0705, CVE-2016-0798, CVE-2016-2176, CVE-2015-3193, CVE-2015-3196, CVE-2016-0701, CVE-2016-2107, CVE-2016-6305, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052. Juniper Secure Analytics (JSA, STRM): STRM, JSA series is potentially affected by these issues. CTPView/CTPOS: CTPView and CTPOS are potentially affected by many these issues.

CTPView and CTPOS are not affected by CVE-2015-1794, CVE-2016-0705, CVE-2016-0798, CVE-2016-2176, CVE-2015-3193, CVE-2015-3196, CVE-2016-0701, CVE-2016-2107, CVE-2016-6305, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052. Junos OS: OpenSSL December 2015 advisory: CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 and CVE-2015-1794 are resolved in 12.1X44-D60, 12.1X46-D45, 12.1X46-D51, 12.1X47-D35, 12.3R12, 12.3R13, 12.3X48-D25, 13.2X51-D40, 13.3R9, 14.1R7, 14.1X53-D35, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D35, 16.1R1 and all subsequent releases (PR 1144520). OpenSSL March 2016 advisory: CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703 and CVE-2016-0704 are resolved in 13.3R10*, 14.1R8, 14.1X53-D40*, 14.2R7, 15.1F5-S4, 15.1F6, 15.1R4, 15.1X49-D60, 15.1X53-D50, 16.1R1 and all subsequent releases (PR 1165523, 1165570). OpenSSL May 2016 advisory: CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2180 are resolved in 13.3R10*, 14.1R9*, 14.1X53-D40*, 14.2R8*, 15.1F5-S4, 15.1F6-S2, 15.1R4, 15.1X53-D50, 15.1X53-D60, 16.1R1 and all subsequent releases.

Fixes are in progress for other supported Junos releases (PR 1180391). OpenSSL June to September 2016 advisories: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-7052 are resolved in 13.3R10*, 14.1R9*, 14.2R8*, 15.1R5*, 16.1R4* and all subsequent releases.

Fixes are in progress for other supported Junos releases (PR 1216923). CVE-2016-2108 was resolved when fixes for OpenSSL Advisories in June and July 2015 were implemented in Junos.

At that time OpenSSL version was upgraded to 1.0.1p in Junos 13.3 and later releases which included a fix for this issue. Please see JSA10694​ for solution releases. Note: * - These Junos releases are pending release at the time of publication. Note: While Junos is not affected or impacted by certain CVEs, fixes for those get included with the relevant OpenSSL version upgrade. Hence these are stated as resolved. ScreenOS: CVE-2015-3195 is resolved in 6.3.0r22.

This issue is being tracked as PR 1144749. Please see JSA10733 further details. Rest of the applicable issues in OpenSSL advisories until May 2016 in have been resolved in ScreenOS 6.3.0r23.

These issues are being tracked as PRs 1180504 and 1165796. Fixes for issues in OpenSSL advisories from June to September are being tracked as PR 1217005. Junos Space: OpenSSL software has been upgraded to 1.0.1t in Junos Space 16.1R1 (pending release) to resolve all the issues included in OpenSSL advisories until May 2016.

These issues are being tracked as PRs 1144741, 1158268, 1165853, 1180505, 1212590. Fixes for issues in OpenSSL advisories from June to September are being tracked as PR 1216998. NSM: OpenSSL software has been upgraded to 1.0.2h in NSM 2012.2R13 to resolve all the issues included in OpenSSL advisories until May 2016.

This upgrade is being tracked as PR 1198397. Fixes for issues in OpenSSL advisories from June to September are being tracked as PR 1217003. Juniper Secure Analytics (JSA, STRM): OpenSSL December 2015 and March 2016 advisories: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794, CVE-2015-3193, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799 and CVE-2016-0800 have been resolved in 2014.6.R4.A resolution for other issues is pending release.These issues are being tracked as PR 1151137, 1165861. CTPView CVE-2015-3194 and CVE-2015-3195 have been resolved in 7.1R3, 7.2R1 and all subsequent releases (PR 1144746). CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0797, CVE-2016-0799 and CVE-2016-0800 have been resolved in 7.1R3, 7.2R2, 7.3R1 and all subsequent releases (PR 1165849). CTPOS CVE-2015-3194 and CVE-2015-3195 have been resolved in 7.2R1 and all subsequent releases (PR 1144964). CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0797, CVE-2016-0799 and CVE-2016-0800 have been resolved in 7.0R7, 7.1R3, 7.2R2, 7.3R1 and all subsequent releases (PR 1165847). Standard security best current practices (control plane firewall filters, edge filtering, access lists, etc.) may protect against any remote malicious attacks. Junos OS Since SSL is used for remote network configuration and management applications such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include: Disabling J-Web Disable SSL service for JUNOScript and only use Netconf, which makes use of SSH, to make configuration changes Limit access to J-Web and XNM-SSL from only trusted networks ScreenOS Methods to reduce the risk associated with this issue include: Limit access to SSL ports to only trusted hosts. Disabling web administrative services will mitigate the risk of this issue:unset int eth0/0 manage web Refer to KB6713 for enabling SSH on the firewall. General Mitigation It is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the HTTPS or SSL/TLS services only from trusted, administrative networks or hosts.