Publicly available Juniper SRX exploit: Tens of thousands of devices at risk

Experts have published a proof-of-concept exploit.

About 79% of publicly accessible Juniper SRX firewalls can be compromised through a vulnerability that allows attackers to execute code remotely without authentication.

Juniper has identified and fixed five vulnerabilities affecting all versions of Junos OS on SRX firewalls and EX Series switches. The update of September 7 drew particular attention: it was published after security researchers released a proof of concept for the vulnerability and Juniper recorded attempts to exploit it.

Two of the vulnerabilities involve PHP external variable modification (CVE-2023-36844 and CVE-2023-36845), while the remaining three are classified as "Missing Authentication for Critical Function" (CVE-2023-36846, CVE-2023-36847, and CVE-2023-36851).

On August 25, bug hunters at WatchTowr published a multi-step proof-of-concept exploit for two of the bugs, CVE-2023-36845 and CVE-2023-36846, which allowed remote code execution without authentication by uploading two files.

It is not clear why Juniper decided to assign five separate CVE identifiers when two of the vulnerabilities are described in the same way. Each of the five flaws is rated 5.3 on the ten-point CVSS scale. However, because they can be combined to achieve remote code execution, they collectively received a critical CVSS rating of 9.8.

The situation gets even worse: on Monday, VulnCheck published an analysis in which its CTO, Jacob Baines, wrote that CVE-2023-36845 alone can provide remote code execution without authentication.

According to VulnCheck, despite the known vulnerabilities, the majority of devices, approximately 15,000, still have not received the necessary updates.

Those who use Juniper devices are advised to install security updates as soon as possible.
 