Juniper switch vulnerability exposes login credentials

According to cyber forensics course specialists from the International Institute of Cyber Security (IICS), Juniper Networks has released an unexpected update after discovering that some login credentials had been left on its data center switches. Juniper Networks is a multinational company dedicated to network and security systems and is considered the main competitor of Cisco.

This vulnerability, tracked as CVE-2019-0034, was found in the Junos Network Agent, a software tool used to manage sensors and other devices that monitor the performance of a network. Specifically, we found login credentials exposed in Google gRPC, a plugin used with the Junos Telemetry Interface.

According to the cyber forensics course specialists, Juniper found that the configuration files used by gRPC contained login credentials that Junos Network Agent could use to perform an unauthorized reading of non-critical information, such as sensor data.

In addition, the APIs exposed through the Juniper Extension Toolkit (JET) might be usable to perform operations on the device that are considered non-critical.

Although all vulnerable components could be part of Junos, only switches running Telemetry Interface with Junos Network Agent expose login data, so any implementation that does not run Network Agent is safe from this vulnerability.

In its security notice, Juniper Networks mentions that administrators can check for themselves whether a vulnerable version of Network Agent is in use by entering the following command:

user@junos> show version | grep na\ telemetry

Admins must check for this output:

user@junos>JUNOS na telemetry [17.3R3-S3.3]
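To run the same check across many switches, the following added example (not from Juniper's notice or the original article) parses saved `show version` captures and reports which devices have the Network Agent package and at what version. The capture file names, the `Hostname:` line and the sample text are constructed assumptions; only the `JUNOS na telemetry [...]` line format comes from the output quoted above.

```python
import re

# Package line format taken from the output quoted in the article:
#   JUNOS na telemetry [17.3R3-S3.3]
# An optional CLI prompt prefix ("user@junos>") is tolerated.
NA_LINE = re.compile(
    r"^\s*(?:\S+>\s*)?JUNOS na telemetry \[([^\]]+)\]\s*$", re.M
)
# Assumption: captures include a "Hostname: <name>" line.
HOSTNAME = re.compile(r"^Hostname:\s*(\S+)", re.M)


def network_agent_version(show_version_text):
    """Return the Network Agent package version, or None if it is absent."""
    match = NA_LINE.search(show_version_text)
    return match.group(1) if match else None


def triage(captures):
    """Return [(device, na_version_or_None)] for a {label: text} mapping."""
    results = []
    for label, text in captures.items():
        host = HOSTNAME.search(text)
        device = host.group(1) if host else label  # fall back to file label
        results.append((device, network_agent_version(text)))
    return results


# Constructed sample captures, not real device output.
SAMPLES = {
    "dc-sw1.txt": "Hostname: dc-sw1\nModel: example-model\n"
                  "JUNOS na telemetry [17.3R3-S3.3]\n",
    "dc-sw2.txt": "Hostname: dc-sw2\nModel: example-model\n"
                  "JUNOS example package [17.3R3-S3.3]\n",
    "dc-sw3.txt": "user@junos>JUNOS na telemetry [17.3R3-S3.3]\n",
}

if __name__ == "__main__":
    for device, version in triage(SAMPLES):
        if version is None:
            print(f"{device}: Network Agent package not found")
        else:
            print(f"{device}: Network Agent present, version {version}")
```

A device listed with a version has Network Agent installed; compare that version against the fixed releases in Juniper's security notice before scheduling the upgrade.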

If the switch is vulnerable, cyber forensics course specialists recommend that administrators update the firmware to the latest version of Junos. Users who are not affected by the vulnerability could update their systems as well, as an additional security measure.

This has been a week of constant releases of update packages; in recent days, companies such as Microsoft, Adobe, SAP, and Intel have released new updates, including regular support for their products and vulnerability fixes.