New Juniper Junos OS Flaws Expose Devices to Remote Attacks – Patch Now

Networking hardware organization Juniper Networks has unveiled an “out-of-cycle” security update to address multiple flaws in the J-Web element of Junos OS that could be blended to obtain distant code execution on vulnerable installations.

The 4 vulnerabilities have a cumulative CVSS score of 9.8, earning them Critical in severity. They have an impact on all versions of Junos OS on SRX and EX Collection.

“By chaining exploitation of these vulnerabilities, an unauthenticated, network-centered attacker may be ready to remotely execute code on the devices,” the firm mentioned in an advisory unveiled on August 17, 2023.

✔ Approved Seller From Our Partners

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount

The J-Web interface lets customers to configure, handle, and watch Junos OS equipment. A brief description of the flaws is as follows –

• CVE-2023-36844 and CVE-2023-36845 (CVSS scores: 5.3) – Two PHP external variable modification vulnerabilities in J-Web of Juniper Networks Junos OS on EX Series and SRX Collection makes it possible for an unauthenticated, network-based mostly attacker to regulate specified, vital environments variables.
• CVE-2023-36846 and CVE-2023-36847 (CVSS scores: 5.3) – Two missing authentications for critical perform vulnerabilities in Juniper Networks Junos OS on EX Collection and SRX Sequence allow for an unauthenticated, network-dependent attacker to induce confined impact to the file method integrity.

A menace actor could send a specifically crafted request to modify sure PHP natural environment variables or add arbitrary data files by means of J-Web sans any authentication to successfully exploit the aforementioned issues.

The vulnerabilities have been resolved in the down below variations –

• EX Sequence – Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1
• SRX Series – Junos OS variations 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1

End users are recommended to use the required fixes to mitigate probable distant code execution threats. As a workaround, Juniper Networks is suggesting that end users possibly disable J-Web or restrict accessibility to only reliable hosts.

Located this post fascinating? Observe us on Twitter  and LinkedIn to examine additional exceptional articles we write-up.