A Shocking 35 Vulnerabilities Reported in Juniper Networks Junos Space Product


Software vulnerabilities are everywhere: they can be found not only in lesser products (weakly coded third-party apps or software lacking a proper security standard) but in any software product from any vendor. Case in point, recent news has seen a slew of vulnerabilities in products belonging to established leaders in IT, telecommunications, and networking. A good example of how important it is in the IT industry to iron out software vulnerabilities, often called ‘bugs’, is that half-million-dollar bounties are offered to specialists who can find them.

These ‘bugs’ are what can cause big problems when cybercriminals choose to exploit them on a vulnerable (unpatched) system. To put this into perspective by borrowing a paragraph from The Scientific American, “Software development is not a perfect process. Programmers often work on timelines set by management teams that attempt to set reasonable goals, though it can be a challenge to meet those deadlines. As a result, developers do their best to design secure products as they progress but may not be able to identify all flaws before an anticipated release date.”

Software security flaws affect every industry that operates in the digital realm or holds data there, from consulting to network asset management. This time, news has been released detailing a shocking 35 vulnerabilities found in American network asset management giant Juniper’s Junos Space product. The Junos Space product is one of Juniper’s most widely used products. Juniper Networks products are also used by U.S. government institutions that make over 1 billion dollars in revenue and employ over 10,000 people.

Junos Space

The Junos Space Network Management Platform is a ‘centralized’ platform that manages network devices. It works with Juniper’s management applications to simplify and automate the management of several ‘switching, routing and security devices.’ Junos Space is a comprehensive solution that improves scaling operations, reduces complexity, and is a unified product that makes deploying new services more efficient.

Juniper Junos Space Vulnerability

On August 17th, 2021, a report was released on Juniper’s Info Center web page describing multiple vulnerabilities in their Junos Space network management platform product. A total of 35 software vulnerabilities have been discovered, of which 5 have been exploited publicly so far.

Technical Details

Below are the CVE (Common Vulnerabilities and Exposures) IDs assigned to each of the 35 vulnerabilities; more details are given after the list.

  • CVE-2019-19532
  • CVE-2019-25013
  • CVE-2020-0427
  • CVE-2020-10029
  • CVE-2020-10543
  • CVE-2020-10878
  • CVE-2020-12723
  • CVE-2020-13765
  • CVE-2020-14318
  • CVE-2020-14323
  • CVE-2020-14351
  • CVE-2020-14364
  • CVE-2020-1472
  • CVE-2020-15862
  • CVE-2020-16092
  • CVE-2020-1971
  • CVE-2020-1983
  • CVE-2020-25211
  • CVE-2020-25645
  • CVE-2020-25656
  • CVE-2020-25705
  • CVE-2020-28374
  • CVE-2020-29573
  • CVE-2020-29661
  • CVE-2020-7053
  • CVE-2020-20265
  • CVE-2021-20277
  • CVE-2021-20305
  • CVE-2021-2163
  • CVE-2021-25215
  • CVE-2021-26937
  • CVE-2021-27363
  • CVE-2021-27364
  • CVE-2021-27365
  • CVE-2021-27803

Here is a summary of the issues shared among the vulnerabilities found: out-of-bounds write, buffer over-read, out-of-bounds read, buffer overflows, file and directory access bugs, null pointer dereference, use-after-free memory flaws, elevation of privilege flaw, improper privilege management, assertion failures, ICMP packet security flaws, memory resource flaws, Java coding flaws, encoding flaws, and kernel pointer leaks.

Public Exploits

Of the 35 vulnerabilities found, 5 have a public exploit. Here are the details:

  • CVE-2020-1472 (Critical risk)
  • CVE-2020-1983 (Medium risk)
  • CVE-2020-1971 (Medium risk)
  • CVE-2020-14364 (Medium risk)
  • CVE-2020-25705 (Medium risk)

To summarize, these vulnerabilities involve the following issues: access, permission and privilege; use-after-free; NULL pointer dereference; out-of-bounds write; and use of insufficiently random values.

Important User Information

All of the security flaws discovered in Junos Space can expose users to potential dangers from remote cybercriminals, such as execution of arbitrary code, denial of service attacks, unprivileged user access, remote access to critical data, system crashes, and privilege escalation.

It is highly recommended that users update their Junos Space versions if they are using version 21.2R1 or earlier. Juniper also recommends the following: “To reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to the device to only trusted administrative networks, hosts and users.”
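The two recommendations above can be checked across an inventory with a short script. This is an added example, not code from Juniper or from the article: the inventory field names, host names and addresses are constructed, the release-string format is assumed to follow the `21.2R1` pattern quoted above, and the threshold is the one the article states.

```python
import ipaddress
import re

AFFECTED_UP_TO = "21.2R1"  # threshold as stated in the article
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)")  # assumed format, e.g. 21.2R1

def parse_release(version):
    """Turn a release string such as '21.2R1' into a comparable tuple (21, 2, 1)."""
    m = _RELEASE_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {version!r}")
    return tuple(int(part) for part in m.groups())

def needs_update(version, threshold=AFFECTED_UP_TO):
    """True when the release is the threshold release or earlier."""
    return parse_release(version) <= parse_release(threshold)

def untrusted_sources(allowed_sources, trusted_networks):
    """Return allowed source prefixes that are not inside any trusted admin network."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    flagged = []
    for src in allowed_sources:
        net = ipaddress.ip_network(src, strict=False)
        inside = any(net.version == t.version and net.subnet_of(t) for t in trusted)
        if not inside:
            flagged.append(src)
    return flagged

def triage(inventory, trusted_networks):
    """Per host: does it need the update, and which access-list entries are too broad?"""
    findings = []
    for host in inventory:
        try:
            outdated = needs_update(host["version"])
        except ValueError:
            outdated = None  # unparseable release string: review by hand
        exposed = untrusted_sources(host["mgmt_allowed_from"], trusted_networks)
        findings.append({"name": host["name"], "needs_update": outdated,
                         "untrusted_sources": exposed})
    return findings

# Constructed sample data (hypothetical hosts, documentation address ranges).
TRUSTED = ["10.20.0.0/24", "192.0.2.16/28"]
INVENTORY = [
    {"name": "space-a", "version": "21.2R1", "mgmt_allowed_from": ["10.20.0.0/24"]},
    {"name": "space-b", "version": "20.3R1", "mgmt_allowed_from": ["0.0.0.0/0"]},
    {"name": "space-c", "version": "21.3R1",
     "mgmt_allowed_from": ["10.20.0.8/29", "198.51.100.0/24"]},
]

if __name__ == "__main__":
    for finding in triage(INVENTORY, TRUSTED):
        print(finding)
```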

Tech researcher & communications specialist
Mirza has an educational background in Global Communications and has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.