This advisory is for organizations that use Juniper Secure Analytics. If your organization does not use this platform, this notification may be discarded.
Summary
Juniper Networks just released v7.5.0 UP8 IF03 for their Juniper Secure Analytics appliances, which is a security information and event management (SIEM) system. This system has access to a lot of sensitive data to function properly as a SIEM. Therefore, it is crucial to keep this system up to date.
This update contains 126 vulnerabilities of which 3 are rated as critical. Successfully exploiting one or more of these vulnerabilities could lead to remote code execution on this SIEM. Granting attackers access to the system and all of the resources it is able to access.
Most of 126 vulnerabilities which are patched in v7.5.0 UP8 IF03 are vulnerabilities in the underlaying Linux environment of the Juniper Secure Analytics appliance or dependencies used by the SIEM to perform its tasks.
CVE-2023-5178: CVSSv3.1: 9.8
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
CVE-2019-15505: CVSSv3.1: 9.8
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
CVE-2023-25775: CVSS 9.8
Improper access control in the Intel(R) Ethernet Controller RDMA driver for Linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Affected Platforms
These issues affect Juniper Networks Juniper Secure Analytics:
All versions prior to 7.5.0 UP8 and 7.5.0 UP8 IF02.
Mitigations
Update to 7.5.0 UP8 IF03.
Additional Resources