Security News > 2023 > August > Hackers exploit critical Juniper RCE bug chain after PoC release

Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface.
One week after Juniper disclosed and released security updates to patch the four flaws that can be chained to achieve remote code execution, watchTowr Labs security researchers released a proof-of-concept exploit targeting the SRX firewall bugs.
While Juniper said there was no evidence of active exploitation, watchTowr Labs said they believe attackers would soon start targeting unpatched Juniper devices in widescale attacks.
As expected, security researchers at the nonprofit internet security organization Shadowserver Foundation revealed today that they'd detected exploitation attempts starting the same day watchTowr Labs' PoC exploit was released.
Exploit released for Juniper firewall bugs allowing RCE attacks.
Hackers exploit BleedingPipe RCE to target Minecraft servers, players.
News URL
Related news
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)