Juniper Networks Patches Critical Flaws in Switches and Firewalls
August 21, 2023
Juniper Networks, a leading provider of networking appliances, has announced patches for four vulnerabilities found in the J-Web interface of its Junos OS. These vulnerabilities, when combined, could result in unauthenticated, remote code execution. The flaws, identified as CVE-2023-36844 to CVE-2023-36847, have been given a 'medium' severity rating individually. However, when exploited in a chain, their severity escalates to 'critical', as cautioned by Juniper in an advisory.
The company states, “By chaining exploitation of these vulnerabilities, an unauthenticated, network-based attacker may be able to remotely execute code on the devices.” CVE-2023-36844 and CVE-2023-36845 are PHP external variable modification flaws that could enable remote attackers to manipulate environment variables without authentication. Juniper elaborates, “Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.”
The other two vulnerabilities, CVE-2023-36846 and CVE-2023-36847, are related to missing authentication issues that could permit an attacker to upload arbitrary files, thus affecting file system integrity. Juniper explains, “With a specific request that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.”
To prevent exploitation of these vulnerabilities, Juniper suggests disabling the J-Web interface or restricting access to trusted hosts only. These vulnerabilities affect SRX series firewalls and EX series switches running Junos OS versions prior to the specified ones. Users of the affected SRX and EX series are advised to update their appliances to the latest Junos OS versions as soon as possible. Juniper has not reported any instances of these vulnerabilities being exploited in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned that the exploitation of these vulnerabilities could result in denial-of-service (DoS) conditions.
Latest News
- Critical Vulnerability in Ivanti Sentry API Exploited in the Wild
- Cuba Ransomware Gang Exploits Veeam Vulnerability in Attacks on U.S. Critical Infrastructure
- LabRat Operation: Cryptomining Campaign Uses TryCloudflare to Conceal Infrastructure
- New BlackCat Ransomware Variant Incorporates Advanced Impacket and RemCom Tools
- Global Phishing Campaign Targets Zimbra Email Servers
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.