Vulnerabilities Overview

The Juniper Networks Security Incident Response Team (Juniper SIRT) constrains the publication of Juniper Security Advisories and Security Notices for non-urgent issues to a predefined quarterly schedule of the second Wednesday of January, April, July, and October, covering all Juniper products.

In exceptional circumstances, the Juniper SIRT may publish an out-of-cycle Security Advisory or Security Notice. Examples include active malicious exploitation of a zero-day Juniper vulnerability or a multi-vendor issue in which all participating parties must publish simultaneously on a schedule negotiated by an external coordinating agency. Paragon Automation provides information only about those SIRT advisories that are already released and does not include newer SIRT advisories published out of cycle after the release of Paragon Automation.

The Juniper SIRT considers numerous criteria for determining whether an issue warrants SIRT attention and, if so, how a fix will be applied and to what range of products and software releases, and how and when the issue will be published. The Juniper SIRT uses the Common Vulnerability Scoring System (CVSS) to rank an issue as one factor in its evaluation.

For more information, see the Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories page.

Note:

If a target type is affected by a SIRT advisory, it does not imply that the target instance in your network is also affected. You need to investigate further to determine whether the problem definition and matching criteria are relevant to your deployment. Juniper SIRT investigates such incidents and provides a comprehensive analysis of the security exposure based on your hardware, installed software, and configuration.

The Vulnerabilities page lists all the SIRT advisories that Juniper Networks has published, the devices on the network affected by these advisories, and the common vulnerabilities and exposures (CVEs).