Juniper SRX exploit: a vaccine against remote code or instructions for hackers?

Carding

A story about four vulnerabilities: why CISA insists on updating firewalls.

Vulnerabilities that allow remote code execution without authorization were recently discovered in Juniper SRX firewalls. The threat concerns devices running a version of the JunOS operating system that has not been updated.

Juniper Networks disclosed four moderate-severity defects in its EX-series switches and SRX firewalls two weeks ago. Patches have already been released to fix the problems.

Vulnerabilities were found in the J-Web interface written in PHP. Administrators use it to manage and configure Juniper devices in their networks. This interface became vulnerable due to flaws in the authentication and file system interaction processes.

The company pointed out that "with a specific request that does not require authentication, an attacker can upload arbitrary files via J-Web. This leads to a loss of integrity of a certain part of the file system. Vulnerabilities can then be combined with each other."

Researchers from watchTowr Labs have developed and published an exploit that combines two key vulnerabilities: the lack of authentication for a critical function (CVE-2023-36846) and an error in modifying an external PHP variable (CVE-2023-36845). A technical article has also been published detailing the analysis of the problem and the development of the exploit.

So far, there is no data on real attacks using these defects. However, watchTowr Labs suggests that attackers may soon be able to break into Juniper devices that have not been updated. "Given the ease of use and privileged position of JunOS devices on the network, this will not be surprising," the researchers warned.

Administrators are advised to install patches or update JunOS to the latest version as soon as possible. Alternatively, you can disable access to the J-Web interface.

In June, CISA issued its first binding operational directive of the year. According to the order, US federal agencies must secure Juniper equipment within two weeks after the discovery of vulnerabilities. The directive covers devices that are connected to the Internet or incorrectly configured.
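
Acting on the advice to patch or disable J-Web starts with knowing which devices have it switched on. The following is an added example, not part of the original post and not Juniper tooling: a Python check over Junos `display set` configuration exports for the `system services web-management` stanza. The device names and sample configurations are constructed.

```python
# Added example (not from the original post): audit Junos "display set"
# exports for the J-Web service the post advises patching or disabling.
WEB_MGMT = ["system", "services", "web-management"]

def audit_jweb(config_text):
    """Report whether J-Web (HTTP/HTTPS web-management) is active in a config."""
    bound = {}           # protocol -> interfaces named by 'interface' statements
    deactivated = set()  # protocols, or "*" for the whole stanza
    for line in config_text.splitlines():
        words = line.split()
        if words[1:4] != WEB_MGMT:
            continue
        action, rest = words[0], words[4:]
        if action == "deactivate" and len(rest) <= 1:
            deactivated.add(rest[0] if rest else "*")
        elif action == "set" and rest and rest[0] in ("http", "https"):
            ifaces = bound.setdefault(rest[0], set())
            if len(rest) >= 3 and rest[1] == "interface":
                ifaces.add(rest[2])
    active = {} if "*" in deactivated else {
        p: i for p, i in bound.items() if p not in deactivated}
    return {
        "enabled": bool(active),
        "protocols": sorted(active),
        # No 'interface' statement: the listener is not pinned to named ports.
        "no_interface_limit": sorted(p for p, i in active.items() if not i),
        "interfaces": {p: sorted(i) for p, i in active.items()},
    }

# Constructed sample exports; hostnames and interfaces are made up.
SAMPLES = {
    "edge-fw": """set system host-name edge-fw
set system services ssh
set system services web-management http
set system services web-management https system-generated-certificate
""",
    "branch-fw": """set system services web-management https interface fxp0.0
set system services web-management https system-generated-certificate
""",
    "core-fw": """set system services web-management https system-generated-certificate
deactivate system services web-management
""",
    "lab-sw": "set system services ssh root-login deny\n",
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, audit_jweb(cfg))
```

A device reported as `enabled` still needs its JunOS version checked against Juniper's advisory; the script only answers whether the J-Web attack surface is present in the configuration.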