Security Alerts

Mist Security Advisory – Log4j2 Vulnerability

CVE: CVE-2021-44228
Summary: Mist products are not impacted by the log4j2 vulnerability – CVE-2021-44228 – a vulnerability announced in certain versions of the Apache Log4j2 library. Exploitation of this vulnerability would allow a malicious actor to execute arbitrary code when message lookup substitution is enabled.
Affected Products: There is no action required by customers. The Mist Cloud Services and on premises products are...

Mist Security Advisory – FragAttacks and FAQ

On May 11, 2021, the Industry Consortium for Advancement of Security on the Internet (ICASI) announced the coordinated disclosure of a series of vulnerabilities related to the functionality of Wi-Fi devices. The complete list of vulnerabilities is given below. Exploitation of these vulnerabilities may result in data exfiltration. Of these issues listed below, only CVE-2020-24588...

Transitioning from TLS 1.1/1.2 to TLS 1.2-Only

Mist-Juniper is planning to discontinue support for TLS 1.1 in the Mist cloud infrastructure and will only support TLS version 1.2 and the following cipher suites:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
This is to ensure that we continue to provide a robust and secure cloud infrastructure. Any tools and systems accessing the Mist...

Mist Security Advisory – BLURtooth Attack

CVE: CVE-2020-15802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802
Publication Date: 2020-09-16
Summary: Mist products are not impacted by the BLURtooth vulnerability. This vulnerability is related to the use of Cross-Transport Key Derivation (CTKD) for pairing Bluetooth devices.
Affected Products: None of the Mist products are affected by this vulnerability. Mist APs only operate the BLE (Bluetooth Low Energy) capability for...

Mist Security Advisory – Ripple20

CVE: CVE-2020-11901
Publication Date: 2020-07-07
Summary: Mist products are not impacted by the Ripple20 vulnerability – related to the use of the Treck embedded IP stack as per CVE-2020-11901. Exploitation of these vulnerabilities through an invalid DNS response could result in denial of service, information disclosure, or remote code execution.
Affected Products: None of the...

Mist Security Advisory – Kr00k Attack & FAQ

What is this vulnerability?
Kr00k – formally known as CVE-2019-15126 – is a vulnerability in certain Broadcom Wi-Fi chipsets that allows unauthorized decryption of some WPA2-encrypted traffic. The vulnerability is the possible transmission of a few frames without proper MAC-level encryption.
Impact of this vulnerability
The risk is limited to information exposure in the...

Mist Security Advisory – Bluetooth Discoverability

CVE: CVE-2018-10910
Publication Date: 2019-01-28
Summary: Mist BLE solutions are not impacted by the Bluetooth Discoverability vulnerability – related to the use of Bluetooth Classic as per CVE-2018-10910. The vulnerability forces the Bluetooth mode to stay as discoverable, allowing all external Bluetooth devices to connect. This flaw can be exploited when malicious devices are...

Mist Security

Mist, a Juniper Company, built the first AI-driven networking platform to give modern businesses an intelligent solution for the digital era. Designed from the ground up to meet the stringent networking needs of the modern cloud and digital transformation, the Mist solution delivers unique capabilities from unprecedented visibility into the end user experiences to proactive...

FAQ on Wi-Fi vulnerability announced on October 16th, 2017

Note: Please upgrade to firmware Version 0.1.11888 or later, which includes the fix to address this issue.
What is this vulnerability?
This is a security vulnerability for wireless networks that was publicly announced on October 16th, and impacts WPA2 networks as per VU#228519: https://www.kb.cert.org/vuls/id/228519. “Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to...

CPU/Meltdown and Spectre Side-Channel Vulnerability

Dear Customers, we are aware of the latest CPU vulnerability discovered on Jan 4, 2017. Our APs don’t run untrusted software and the backend is already patched. No action is required right now; however, we are still vigilant about this vulnerability.