Juniper switch vulnerability exposes login credentials

According to cyber forensics course specialists from the International Institute of Cyber Security (IICS), Juniper Networks has released an unexpected update after discovering that some login credentials had been left on its data center switches. Juniper Networks is a multinational company dedicated to network and security systems and is considered the main competitor of Cisco.

This vulnerability, tracked as CVE-2019-0034, was found in the Junos Network Agent, a software tool used to manage sensors and other devices that monitor the performance of a network. Specifically, login credentials were found exposed in Google gRPC, a plugin used with the Junos Telemetry Interface.

According to the cyber forensics course specialists, Juniper found that the configuration files used by gRPC contained login credentials that Junos Network Agent could use to perform unauthorized reads of non-critical information, such as sensor data.

In addition, the APIs exposed through the Juniper Extension Toolkit (JET) might be able to perform operations on the device that are considered non-critical.

Although all vulnerable components could be part of Junos, only switches running Telemetry Interface with Junos Network Agent expose login data, so any implementation that does not run Network Agent is safe from this vulnerability.

In its security notice, Juniper Networks mentions that administrators can verify for themselves whether a vulnerable version of Network Agent is being used by entering the following command:

user@junos> show version | grep na telemetry

Admins must check for this output:

JUNOS na telemetry [17.3R3-S3.3]
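
For administrators with many switches, the same check can be run over saved "show version" output. The following is an added example, not code from Juniper or from the original article; the hostnames and sample outputs are constructed, and it only reports whether the Network Agent package line is present and which version it shows, leaving the comparison against the advisory to the administrator.

```python
import re

# Package line the check above looks for, e.g.
#   JUNOS na telemetry [17.3R3-S3.3]
# An optional CLI prompt prefix ("user@junos>") is tolerated so that
# pasted terminal transcripts are matched as well.
NA_LINE = re.compile(
    r"^\s*(?:\S+@\S+>\s*)?JUNOS na telemetry \[([^\]]+)\]\s*$",
    re.MULTILINE,
)


def network_agent_version(show_version_output):
    """Return the Network Agent package version, or None if the
    'na telemetry' package line is absent from the output."""
    match = NA_LINE.search(show_version_output)
    return match.group(1) if match else None


def audit(outputs):
    """Given {hostname: saved 'show version' text}, return
    {hostname: version} for devices with Network Agent installed."""
    found = {}
    for host, text in outputs.items():
        version = network_agent_version(text)
        if version is not None:
            found[host] = version
    return found


# Constructed sample data (hypothetical hostnames, abbreviated output).
SAMPLE = {
    "sw-dc1-01": "Hostname: sw-dc1-01\n"
                 "JUNOS Web Management [17.3R3-S3.3]\n"
                 "JUNOS na telemetry [17.3R3-S3.3]\n",
    "sw-dc1-02": "Hostname: sw-dc1-02\n"
                 "JUNOS Web Management [17.3R3-S3.3]\n",
}

if __name__ == "__main__":
    for host, version in sorted(audit(SAMPLE).items()):
        print(f"{host}: Network Agent installed, version {version}")
```

Devices missing from the result do not have the Network Agent package line in their output.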

If the switch is vulnerable to attacks, cyber forensics course specialists have recommended that administrators update the firmware to the latest version of Junos. However, users who are safe from the vulnerability could update their systems as well, as an additional security measure.

This has been a week of constant releases of update packages; in recent days, companies such as Microsoft, Adobe, SAP, and Intel have released new updates, including regular support for their products and vulnerability fixes.
