About UsCareersBlogLog In
Cyber Security ResourceCyber Security Resource
  • Home
  • Products
    • IT Security Partnership Program
    • Cyber Security Resource Community
    • Third Party Risk Management
    • Managed Detection and Response
  • Services
    • Cyber Security Risk Assessment
    • HITRUST Readiness Assessment
    • Cyber Security Advisory Services
    • Penetration Test
    • Vulnerability Assessment
  • Solutions
    • Security Awareness & Training
    • Email Phishing
    • Antivirus – Antimalware
  • Resources
    • Cyber Security Resource Library
    • IT Governance
    • Information Security
    • Risk Management
    • Vulnerability Management
    • Incident Response
  • Partners
    • Consultants Network
    • Sales Partners
Facebook
Twitter
LinkedIn
YouTube
About UsCareersBlogLog In

Juniper Bug Allows RCE and DoS Against Carrier Networks

July 20, 2021AddMgrNo Comments
Juniper Networks’ Steel-Belted Radius (SBR) Carrier Edition has a severe remote code-execution vulnerability that leaves wireless carrier and fixed operator networks vulnerable to tampering. By centralizing user authentication, giving the proper level of access, and verifying compliance with security standards, telecom carriers utilize the SBR Carrier server to manage policies for how subscribers use their networks. It enables carriers to distinguish service tiers, diversify revenue models, and manage network resources. 
Juniper Networks, Inc. is a multinational technology company based in Sunnyvale, California. Routers, switches, network management software, network security solutions, and software-defined networking technology are among the networking products developed and sold by the company. Pradeep Sindhu started the company in 1996, with Scott Kriens serving as the original CEO until September 2008. Juniper Networks began by specializing in core routers, which are used by internet service providers (ISPs) to execute IP address lookups and route internet traffic. 
SBR Carrier versions 8.4.1, 8.5.0, and 8.6.0 that use the extensible authentication protocol are affected by the bug (CVE-2021-0276). It was on Wednesday, Juniper released a patch. On the CVSS vulnerability-severity rating scale, it gets a 9.8 out of 10. According to Juniper’s advisory, it’s a stack-based buffer-overflow vulnerability that an attacker can exploit by sending specially designed packets to the platform, causing the RADIUS daemon to crash. This can cause RCE as well as denial-of-service (DoS), which prevents phone subscribers from having a network connection. 
The flaw is one of the dozens that the networking giant patched this week across its carrier and corporate product lines, including multiple high-severity flaws that could be used to launch DoS assaults. Juniper claims that one of these can also be used for RCE. CVE-2021-0277 is an out-of-bounds read vulnerability that affects Junos OS (versions 12.3, 15.1, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2, 19.3, 19.4, 20.1, 20.2, 20.3 and 20.4), as well as Junos OS Evolved (all versions). 
The problem occurs when the Layer 2 Control Protocol Daemon (l2cpd) processes specially designed LLDP frames (l2cpd). On a local area network (usually over wired Ethernet), network devices utilize LLDP to advertise their identification, capabilities, and neighbors. “Continued receipt and processing of these frames, sent from the local broadcast domain, will repeatedly crash the l2cpd process and sustain the DoS condition,” Juniper said in its advisory, issued on Thursday.

This post was originally published on this site

AddMgr
Our passion at Cyber Security Resource is to work with IT Security Officers, Risk Managers, IT Managers, and Business Professionals to meet their Compliance and IT Security requirements. We offer IT security risk assessments, network and application penetration testing, and security certification readiness for Hitrust or SOCII.
Previous post Business correspondence in messengers and social networks poses a cyber threat to companies Next post Low-Risk iOS Wi-Fi Naming Issue can Compromise iPhones Remotely

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get Our Newsletter

  • Virtual CISO Advisory Services
  • Cyber Security Risk Assessment
  • Vulnerability Assessment
  • Penetration Test
  • Cyber Security Awareness Training

Latest News

  • HITRUST Certification vs HIPAA: What you Need to Know
  • Why Do Businesses Need an Incident Response Plan?
  • Vulnerability Assessment vs. Penetration Testing: What’s the Difference?
  • Healthcare Cyber Security Trends: What You Need to Know Now and Going Forward
  • How To Perform a Cyber Security Risk Analysis For Any Organization.
HomeAccountPrivacy PolicyReturn & Refund PolicyTerms and ConditionsAbout UsContact Us

Return & Refund Policy - Terms and Conditions