Security News > 2023 > August > Hackers exploit critical Juniper RCE bug chain after PoC release
Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface.
One week after Juniper disclosed and released security updates to patch the four flaws that can be chained to achieve remote code execution, watchTowr Labs security researchers released a proof-of-concept exploit targeting the SRX firewall bugs.
While Juniper said there was no evidence of active exploitation, watchTowr Labs said they believe attackers would soon start targeting unpatched Juniper devices in widescale attacks.
As expected, security researchers at the nonprofit internet security organization Shadowserver Foundation revealed today that they'd detected exploitation attempts starting the same day watchTowr Labs' PoC exploit was released.
Exploit released for Juniper firewall bugs allowing RCE attacks.
Hackers exploit BleedingPipe RCE to target Minecraft servers, players.
News URL
Related news
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Adobe fixes Acrobat Reader zero-day with public PoC exploit (source)
- Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) (source)
- Hackers targeting WhatsUp Gold with public exploit since August (source)
- Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw (source)
- D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) (source)