Juniper’s security information and event management system (SIEM) Secure Analytics is vulnerable and the developers have closed several security holes.
As a post shows, the developers have closed a total of nine security holes. The majority is classified as a “high” threat level. For example, a vulnerability (CVE-2023-22218 “high”) in the libssh2_packet_add function of libssh2 1.10.0 allows attackers to access unintended memory areas. This is usually how malicious code gets onto systems.
In addition, after successful attacks, attackers can gain higher privileges up to the root (CVE-2023-3899 “high”), access restricted information (CVE-2023-20593 “medium”) or for DoS attacks (CVE-2023-35788 “high”).
How the attack could take place is still unclear. There is currently no evidence of ongoing attacks from Juniper.
The developers claim to have resolved the security issues starting with the Juniper Secury Analytics 7.5.0 UP7 IF02 release.
To the homepage
#Security #Updates #Juniper #Secure #Analytics #vulnerable