Dear Valued Customer,
At Nomios, we prioritise proactive communication and transparency, ensuring that you are always informed of potential developments that might impact your network or cybersecurity.
We want to inform you that we are aware of the recently reported cd00r issue, which has been highlighted in the blog post The J-Magic Show: Magic Packets and Where to Find Them by Lumen. While this issue is currently under investigation by the Juniper Security Incident Response Team (SIRT), it is important to note that no new vulnerabilities have been confirmed or observed by Juniper to date.
Juniper has shared the following best practices to maintain the security of your Junos devices:
- Ensure you are running supported versions of Junos.
- Restrict network access to the device.
- Disable or restrict access to services such as NETCONF, gRPC, SSH, TELNET, and J-Web if not in use.
- Restrict network and physical access to console connections.
- Allow access to devices only from trusted networks, hosts, and administrators.
- Practise good credential hygiene.
Additionally, Juniper has confirmed that the presence of the nfsiod process on older MX Series devices (e.g., MX5, MX40, MX80, MX104) is not indicative of a compromise. This process is seen on older devices due to their architecture and is not present on newer platforms.
Our Advanced Technical Assistance Centre (ATAC) and Managed Services (MS) teams are closely monitoring this situation. We remain in constant communication with Juniper, and we are prepared to act swiftly if any confirmed vulnerabilities arise.
As always, we are here to support you. Should you have any questions or concerns, please do not hesitate to reach out to your dedicated Nomios contact or support team.
We will continue to update you with any new developments regarding this issue.
Kind regards,
Nomios Netherlands
