保安警報 (A25-10-10): Juniper Networks 產品多個漏洞

描述:

Juniper Networks 發布了安全公告，以應對 Junos OS 及 Junos OS Evolved 的多個漏洞。有關漏洞的詳細資料，請參閱供應商網站的相應安全公告。

受影響的系統:

• Juniper Networks Junos OS
• Juniper Networks Junos OS Evolved

有關受影響系統的詳細資料，請參閱供應商網站的相應安全公告。

影響:

成功利用漏洞可以導致受影響的系統發生遠端執行程式碼、權限提升、泄漏資訊、服務被拒絕或繞過保安限制。

建議:

適用於受影響系統的修補程式已可獲取。受影響系統的系統管理員應遵從產品供應商的建議，立即採取行動以降低風險。

進一步資訊:

• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980
• https://www.hkcert.org/tc/security-bulletin/juniper-junos-os-multiple-vulnerabilities_20251010
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52960 (to CVE-2025-52961)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59957 (to CVE-2025-59958)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59962
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59964
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59967
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59980
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60004
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60006
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60010