Network technology giant Juniper warns users about denial-of-service bugs

Juniper Networks, which makes popular networking equipment and security technology, is warning about flaws in the operating systems for many of those products.

In two separate security bulletins issued or updated this week, the company says the Junos OS and Junos OS Evolved operating systems are potentially vulnerable to attacks. The company also issued an updated alert about flaws affecting the company’s SRX firewalls and EX switches.

In a new alert posted Tuesday, the Sunnyvale, California, company said older versions of the operating systems could be tied up by processing improper messages in the Border Gateway Protocol (BGP), the code that routes all internet traffic.

Specifically, an “UPDATE” message crafted a certain way eventually “will create a sustained Denial of Service (DoS) condition for impacted devices,” stopping them from doing their jobs.

On Wednesday, the company also updated a BGP-related security alert from June. That issue also involved potential denial-of-service attacks.

In both cases, the company was offering workarounds to solve the issues “out of cycle” from its usual operating system updates.

A third alert, dating from August 17 and updated Wednesday, concerns flaws in J-Web, an interface for the company’s SRX firewalls and EX switches. The company said it was still “not aware of a successful exploit against a customer” but “exploit attempts have been detected.”

In that case, “an unauthenticated, network-based attacker” potentially could chain together exploitation of the vulnerabilities “to remotely execute code on the devices.”

The Cybersecurity and Infrastructure Security Agency (CISA) also issued a short alert Wednesday about the operating system vulnerabilities.

Juniper says its products are in use by about 30,000 enterprises worldwide, “including the Global Fortune 100 as well as hundreds of federal, state and local government agencies and higher educational organizations.”