轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202604-00000008

[內容說明]
Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) 存在重大資安漏洞(CVE-2026-33784，CVSS：9.8)，此為使用預設密碼漏洞，允許攻擊者使用已知預設憑證登入並取得高權限存取，進而可能控制設備。

[影響平台]
Juniper Networks Support Insights vLWC 3.0.94 (不含)之前版本

[建議措施]
請更新至Juniper Networks Support Insights vLWC 3.0.94 (含)之後版本

[參考資料]
1. https://www.twcert.org.tw/tw/cp-169-10828-12f00-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202604-00000008

[Description]
Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) has a critical cybersecurity vulnerability (CVE-2026-33784, CVSS: 9.8). This vulnerability allows attackers to use known default credentials to log in and gain high-privilege access, potentially leading to device control.

[Affected Platforms]
Juniper Networks Support Insights vLWC versions prior to 3.0.94 (excluding 3.0.94)

[Recommended Action]
Please update to Juniper Networks Support Insights vLWC version 3.0.94 or later.

[References]
1. https://www.twcert.org.tw/tw/cp-169-10828-12f00-1.html