Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all

2023-09-18 22:30

About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw can allow an unauthenticated attacker to remotely execute code on the devices, according to threat intelligence platform provider VulnCheck.

Juniper revealed and addressed five flaws, which affect all versions of Junos OS on SRX firewalls and EX Series switches, in an out-of-cycle security bulletin on August 17.

It's unclear why Juniper chose to enumerate five CVEs instead of two.

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain, important environments variables.

Juniper did not respond to The Register's inquiries about the new RCE exploit, the confusing CVE descriptions, or the number of still-vulnerable devices.

Despite the flaws in Juniper's kit being known, and shown to be a real threat, VulnCheck believes the majority of affected internet-facing firewalls - about 15,000 devices - still aren't patched.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/09/18/juniper_firewalls_rce/

#exploit #firewall #hijacks #juniper #junos

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Juniper		220	108	432	226	44	810

News URL

Related news

Related vendor