This week, Juniper Networks—a provider of networking, cloud, and cybersecurity solutions—released warnings outlining dozens of vulnerabilities discovered across its product line, including serious flaws in third-party components of STRM and Junos OS. One of the warnings covers Expat (libexpat), a third-party stream-oriented XML parser library, and resolves multiple critical-severity flaws.
According to Juniper, the most recent Junos OS updates fix 15 Expat vulnerabilities, seven of which are classified as "critical severity" (CVSS score of 9.8). Although the defects were made public during the previous two years, it is unknown whether they have been used in malicious attacks. Updates that fix these flaws are available for Junos OS versions 19.4 through 22.2. To reduce the risk posed by these issues, Juniper suggests employing access lists or firewall filters.