{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-038.pdf"
    },
    "title": "Critical vulnerabilities in Junos OS and Junos OS Evolved",
    "serial_number": "2024-038",
    "publish_date": "16-04-2024 18:59:45",
    "description": "Multiple critical vulnerabilities have been identified in Juniper Networks Junos OS and Junos OS Evolved, primarily related to outdated cURL libraries. These vulnerabilities could allow remote attackers to execute arbitrary code, cause denial of service, or leak sensitive information. <br>\nIt is strongly advised to update affected systems to the latest versions to mitigate these risks.<br>\n",
    "url_title": "2024-038",
    "content_markdown": "---\ntitle: 'Critical vulnerabilities in\u00a0Junos\u00a0OS and\u00a0Junos\u00a0OS\u00a0Evolved'\nnumber: '2024-038'\nversion: '1.0'\noriginal_date: 'April 10, 2024'\ndate: 'April 16, 2024'\n---\n\n_History:_\n\n* _16/04/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nMultiple critical vulnerabilities have been identified in Juniper Networks Junos OS and Junos OS Evolved, primarily related to outdated cURL libraries [1]. These vulnerabilities could allow remote attackers to execute arbitrary code, cause denial of service, or leak sensitive information. \n\nIt is strongly advised to update affected systems to the latest versions to mitigate these risks.\n\n# Technical Details\n\nThe vulnerability **CVE-2023-38545**, with a CVSS score of 9.8, is due to a heap-based buffer overflow in SOCKS5 proxy handshake in curl that could allow remote attackers to execute arbitrary code.\n\nThe vulnerabilities **CVE-2023-23914** and **CVE-2023-23915**, respectively with CVSS scores of 9.1 and 6.5, are caused by HSTS mechanism failures, and would allow transmission of sensitive information over unencrypted channels under certain conditions.\n\nThe vulnerability **CVE-2020-8285**, with a CVSS score of 7.5, is due to improper certificate revocation checks.\n\nThe vulnerability **CVE-2020-8286**, with a CVSS score of 7.5, is due to improper handling of network responses would cause denial of service conditions.\n\nThe vulnerabilities **CVE-2018-1000120** and **CVE-2018-1000122**, respectively with CVSS scores of 9.8 and 9.1, are older buffer overflow and buffer over-read vulnerabilities affecting older versions of curl, and could cause denial of service, information leakage, or worse.\n\n# Affected Products\n\n- **Junos OS**: All versions before 23.4R1-S1, 23.4R2\n- **Junos OS Evolved**: All versions before 21.4R3-S4-EVO, from 22.1-EVO before 22.1R3-S4-EVO, from 22.3-EVO before 22.3R3-S1-EVO, and from 22.4-EVO before 22.4R2-S1-EVO.\n\n# 
Recommendations\n\nIt is strongly recommended to update affected devices to a fixed version.\n\n# References\n\n[1] <https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-cURL-vulnerabilities-resolved?language=en_US>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>16/04/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>Multiple critical vulnerabilities have been identified in Juniper Networks Junos OS and Junos OS Evolved, primarily related to outdated cURL libraries [1]. These vulnerabilities could allow remote attackers to execute arbitrary code, cause denial of service, or leak sensitive information. </p><p>It is strongly advised to update affected systems to the latest versions to mitigate these risks.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2023-38545</strong>, with a CVSS score of 9.8, is due to a heap-based buffer overflow in SOCKS5 proxy handshake in curl that could allow remote attackers to execute arbitrary code.</p><p>The vulnerabilities <strong>CVE-2023-23914</strong> and <strong>CVE-2023-23915</strong>, respectively with CVSS scores of 9.1 and 6.5, are caused by HSTS mechanism failures, and would allow transmission of sensitive information over unencrypted channels under certain conditions.</p><p>The vulnerability <strong>CVE-2020-8285</strong>, with a CVSS score of 7.5, is due to improper certificate revocation checks.</p><p>The vulnerability <strong>CVE-2020-8286</strong>, with a CVSS score of 7.5, is due to improper handling of network responses would cause denial of service conditions.</p><p>The vulnerabilities <strong>CVE-2018-1000120</strong> and <strong>CVE-2018-1000122</strong>, respectively with CVSS scores of 9.8 and 9.1, are older buffer overflow and buffer over-read vulnerabilities affecting older versions of curl, and could cause denial of service, information leakage, or worse.</p><h2 id=\"affected-products\">Affected Products</h2><ul><li><strong>Junos OS</strong>: All versions before 23.4R1-S1, 23.4R2</li><li><strong>Junos OS Evolved</strong>: All versions before 21.4R3-S4-EVO, from 22.1-EVO before 22.1R3-S4-EVO, from 22.3-EVO before 22.3R3-S1-EVO, and from 
22.4-EVO before 22.4R2-S1-EVO.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is strongly recommended to update affected devices to a fixed version.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-cURL-vulnerabilities-resolved?language=en_US\">https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-cURL-vulnerabilities-resolved?language=en_US</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}