Juniper Networks this week announced the release of patches for more than 30 vulnerabilities across its portfolio, including severe flaws in Contrail Networking and Junos OS.
Two advisories describing a total of 13 security holes in the Contrail Networking software-defined networking (SDN) solution were published this week, with seven of the bugs carrying a CVSS score above 9.0.
The most severe of these are two buffer overflow vulnerabilities in Pillow (CVE-2021-25289 and CVE-2021-34552) and a heap overflow in Apache HTTP Server (CVE-2021-26691). All three have a CVSS score of 9.8.
Additionally, the networking equipment maker cautioned that multiple known issues exist in the CentOS 6.8 release shipped with Junos Space Policy Enforcer before version 22.1R1. As a mitigation, the CentOS release packaged with the Policy Enforcer component has been upgraded to 7.9.
Juniper Networks says it is not aware of any of these Junos OS vulnerabilities being exploited in attacks, but encourages customers to update to a patched release as soon as possible.
Juniper also addressed multiple critical Contrail Networking vulnerabilities that affect all versions of Juniper Networks Contrail Networking prior to 21.4.0. The flaws reside in third-party software used in Contrail Networking and were resolved in release 21.4.0 by upgrading the affected components.