Security News > 2023 > November > CISA warns of actively exploited Juniper pre-auth RCE exploit chain

CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution attacks as part of a pre-auth exploit chain.
The alert comes one week after Juniper updated its advisory to notify customers that the flaws found in Juniper's J-Web interface have been successfully exploited in the wild.
The warnings come after the ShadowServer threat monitoring service revealed it was already detecting exploitation attempts on August 25th, one week after Juniper released security updates to patch the flaws and as soon as watchTowr Labs security researchers also released a proof-of-concept exploit.
Today, CISA also added the four actively exploited Juniper vulnerabilities to its Known Exploited Vulnerabilities Catalog, tagging them as "Frequent attack vectors for malicious cyber actors" and posing "Significant risks to the federal enterprise."
After today's KEV catalog update, federal agencies must complete the upgrading of all Juniper devices within the next four days, by November 17th. While BOD 22-01 primarily targets U.S. federal agencies, CISA strongly encourages all organizations, including private companies, to prioritize patching the vulnerabilities as soon as possible.
Thousands of Juniper devices vulnerable to unauthenticated RCE flaw.
News URL
Related news
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)