Security News > 2023 > September > Thousands of Juniper devices vulnerable to unauthenticated RCE flaw
An estimated 12,000 Juniper SRX firewalls and EX switches are vulnerable to a fileless remote code execution flaw that attackers can exploit without authentication.
In a later technical report, watchTowr Labs released a PoC that chained the CVE-2023-36845 and CVE-2023-36846 flaws, allowing the researchers to remotely execute code by uploading two files to a vulnerable device.
As part of Baines' report, the researcher shared a free scanner on GitHub to help identify vulnerable deployments, showing thousands of vulnerable devices exposed on the internet.
From a sample size of 3,000 devices, Baines found that 79% were vulnerable to this RCE flaw.
Exploit released for Juniper firewall bugs allowing RCE attacks.
Hackers exploit critical Juniper RCE bug chain after PoC release.
News URL
Related news
- Juniper Networks fixes flaws leading to RCE in firewalls and switches (source)
- PoC for no-auth RCE on Juniper firewalls released (source)
- Exploit released for Juniper firewall bugs allowing RCE attacks (source)
- Hackers exploit critical Juniper RCE bug chain after PoC release (source)
- Week in review: 11 search engines for cybersecurity research, PoC for RCE in Juniper firewall released (source)
- Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-17 | CVE-2023-36846 | Missing Authentication for Critical Function vulnerability in Juniper Junos A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3. | 5.3 |
| 2023-08-17 | CVE-2023-36845 | PHP External Variable Modification vulnerability in Juniper Junos A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2. | 5.3 |