CVE: CVE-2021-44228 Summary Mist products are not impacted by the log4j2 vulnerability – CVE-2021-44228 – a vulnerability announced in certain versions of the Apache Log4j2 library. Exploitation of these vulnerabilities would allow a malicious actor to execute arbitrary code when message lookup substitution is enabled. Affected Products There is no action required by customers. The Mist Cloud Services and on premises products are...
Security Alerts
On May 11, 2021, the Industry Consortium for Advancement of Security on the Internet (ICASI) announced the coordinated disclosure of a series of vulnerabilities related to the functionality of Wi-Fi devices. The complete list of vulnerabilities is listed below. Exploitation of these vulnerabilities may result in data exfiltration. Of these issues listed below, only CVE-2020-24588...
Mist-Juniper is planning to discontinue support for TLS1.1 in the Mist cloud infrastructure and will only support TLS version 1.2 and the following cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 This is to ensure that we continue to provide a robust and secure cloud infrastructure. Any tools and systems accessing the Mist...
CVE: CVE-2020-15802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802 Publication Date: 2020-09-16 Summary Mist products are not impacted by the BLURtooth vulnerability. This vulnerability is related to the use of Cross-Transport Key Derivation (CTKD) for pairing Bluetooth devices. Affected Products None of the Mist products are affected by this vulnerability. Mist APs only operate the BLE ( Bluetooth Low Energy) capability for...
CVE: CVE-2020-11901 Publication Date: 2020-07-07 Summary Mist products are not impacted by the Ripple20 vulnerability – related to the use of the Treck embedded IP stack as per CVE-2020-11901. Exploitation of these vulnerabilities through an invalid DNS response could result in denial of service, information disclosure, or remote code execution. Affected Products None of the...
What is this vulnerability? Kr00k – formally known as CVE-2019-15126 – is a vulnerability in certain Broadcom Wi-Fi chipsets that allows unauthorized decryption of some WPA2-encrypted traffic. The vulnerability is a possible transmission of a few frames without proper MAC level encryption. Impact of this vulnerability The risk is limited to information exposure in the...
CVE: CVE-2018-10910 Publication Date: 2019-01-28 Summary Mist BLE solutions are not impacted by the Bluetooth Discoverability vulnerability – related to the use of Bluetooth Classic as per CVE-2018-10910. The vulnerability forces the Bluetooth mode to stay as discoverable, allowing all external Bluetooth devices to connect. This flaw can be exploited when malicious devices are...
Mist, a Juniper Company, built the first AI-driven networking platform to give modern businesses an intelligent solution for the digital era. Designed from the ground up to meet the stringent networking needs of the modern cloud and digital transformation, the Mist solution delivers unique capabilities from unprecedented visibility into the end user experiences to proactive...
Note: Please upgrade to firmware Version 0.1.11888 or later, which includes the fix to address this issue. What is this vulnerability? This is a security vulnerability for wireless networks that was publicly announced on October 16th, and impacts WPA2 networks as per VU#228519: https://www.kb.cert.org/vuls/id/228519. “Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to...
Dear Customers, We are aware of the latest CPU vulnerability discovered on Jan 4, 2017. Our AP’s don’t run untrusted software and the backend is already patched. No action is required right now, however, we are still vigilant about this vulnerability.