On July 19th, 2023, at 9am PST, Juniper Mist will end support of cipher suites using the Cipher Block Chaining (CBC) mode of operation on our cloud endpoints. These cipher suites are known to be susceptible to attacks such as padding oracle attack, which can lead to data leaks and other security issues. We will...
- Getting Started
- Wireless
- Wired Switching
- WAN Edge
- Mist Access Assurance
- Location Based Services
- Premium Analytics
- Security and Cloud Administration
- MSP
- Automation
- Product Updates
- Marvis
- Security Alerts
- FAQ
Security Alerts
Dear Customers, We are aware of the latest CPU vulnerability discovered on Jan 4, 2017. Our AP’s don’t run untrusted software and the backend is already patched. No action is required right now, however, we are still vigilant about this vulnerability.
Note: Please upgrade to firmware Version 0.1.11888 or later, which includes the fix to address this issue. What is this vulnerability? This is a security vulnerability for wireless networks that was publicly announced on October 16th, and impacts WPA2 networks as per VU#228519: https://www.kb.cert.org/vuls/id/228519. “Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to...
What is this vulnerability? Kr00k – formally known as CVE-2019-15126 – is a vulnerability in certain Broadcom Wi-Fi chipsets that allows unauthorized decryption of some WPA2-encrypted traffic. The vulnerability is a possible transmission of a few frames without proper MAC level encryption. Impact of this vulnerability The risk is limited to information exposure in the...
CVE: CVE-2018-10910 Publication Date: 2019-01-28 Summary Mist BLE solutions are not impacted by the Bluetooth Discoverability vulnerability – related to the use of Bluetooth Classic as per CVE-2018-10910. The vulnerability forces the Bluetooth mode to stay as discoverable, allowing all external Bluetooth devices to connect. This flaw can be exploited when malicious devices are...
On March 27, 2023, the research paper titled “Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues” was published outlining a potential attack on Wi-Fi via a malicious insider. The vulnerability is also referred to as MacStealer and has been assigned CVE-2022-47522. In a nutshell the attacker will utilize valid credentials, such as the attacker’s...
On May 11, 2021, the Industry Consortium for Advancement of Security on the Internet (ICASI) announced the coordinated disclosure of a series of vulnerabilities related to the functionality of Wi-Fi devices. The complete list of vulnerabilities is listed below. Exploitation of these vulnerabilities may result in data exfiltration. Of these issues listed below, only CVE-2020-24588...
CVE: CVE-2021-44228 Summary Mist products are not impacted by the log4j2 vulnerability – CVE-2021-44228 – a vulnerability announced in certain versions of the Apache Log4j2 library. Exploitation of these vulnerabilities would allow a malicious actor to execute arbitrary code when message lookup substitution is enabled. Affected Products There is no action required by customers. The Mist Cloud Services and on premises products are...
CVE: CVE-2020-11901 Publication Date: 2020-07-07 Summary Mist products are not impacted by the Ripple20 vulnerability – related to the use of the Treck embedded IP stack as per CVE-2020-11901. Exploitation of these vulnerabilities through an invalid DNS response could result in denial of service, information disclosure, or remote code execution. Affected Products None of the...
CVE: CVE-2020-15802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802 Publication Date: 2020-09-16 Summary Mist products are not impacted by the BLURtooth vulnerability. This vulnerability is related to the use of Cross-Transport Key Derivation (CTKD) for pairing Bluetooth devices. Affected Products None of the Mist products are affected by this vulnerability. Mist APs only operate the BLE ( Bluetooth Low Energy) capability for...
Summary Mist APs are not impacted by OpenSSH vulnerabilities as they do not use OpenSSH. Scope: Unaffected Products: Mist APs
CVE-2024-3596 On July 9, 2024 researches announced a protocol level vulnerability in the RADIUS protocol with the ability of a man-in-the-middle attacker to spoof valid RADIUS messages. The vulnerability is referred to as BlastRADIUS and has assigned CVE-2024-3596 What is this vulnerability? CVE-2024-3596 identifies RADIUS protocol (RFC 2865) being susceptible to allow modifying of responses...
Mist-Juniper is planning to discontinue support for TLS1.1 in the Mist cloud infrastructure and will only support TLS version 1.2 and the following cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 This is to ensure that we continue to provide a robust and secure cloud infrastructure. Any tools and systems accessing the Mist...