保安警报 (A25-10-10): Juniper Networks 产品多个漏洞

描述:

Juniper Networks 发布了安全公告，以应对 Junos OS 及 Junos OS Evolved 的多个漏洞。有关漏洞的详细资料，请参阅供应商网站的相应安全公告。

受影响的系统:

• Juniper Networks Junos OS
• Juniper Networks Junos OS Evolved

有关受影响系统的详细资料，请参阅供应商网站的相应安全公告。

影响:

成功利用漏洞可以导致受影响的系统发生远端执行程式码、权限提升、泄漏资讯、服务被拒绝或绕过保安限制。

建议:

适用于受影响系统的修补程式已可获取。受影响系统的系统管理员应遵从产品供应商的建议，立即採取行动以降低风险。

进一步资讯:

• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980
• https://www.hkcert.org/tc/security-bulletin/juniper-junos-os-multiple-vulnerabilities_20251010
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52960 (to CVE-2025-52961)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59957 (to CVE-2025-59958)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59962
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59964
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59967
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59980
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60004
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60006
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60010