Security News > 2023 > November > CISA warns of actively exploited Juniper pre-auth RCE exploit chain
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution attacks as part of a pre-auth exploit chain.
The alert comes one week after Juniper updated its advisory to notify customers that the flaws found in Juniper's J-Web interface have been successfully exploited in the wild.
The warnings come after the ShadowServer threat monitoring service revealed it was already detecting exploitation attempts on August 25th, one week after Juniper released security updates to patch the flaws and as soon as watchTowr Labs security researchers also released a proof-of-concept exploit.
Today, CISA also added the four actively exploited Juniper vulnerabilities to its Known Exploited Vulnerabilities Catalog, tagging them as "Frequent attack vectors for malicious cyber actors" and posing "Significant risks to the federal enterprise."
After today's KEV catalog update, federal agencies must complete the upgrading of all Juniper devices within the next four days, by November 17th. While BOD 22-01 primarily targets U.S. federal agencies, CISA strongly encourages all organizations, including private companies, to prioritize patching the vulnerabilities as soon as possible.
Thousands of Juniper devices vulnerable to unauthenticated RCE flaw.
- Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit (source)
- VMware warns admins of public exploit for vRealize RCE flaw (source)
- RCE exploit for Wyze Cam v3 publicly released, patch now (source)
- CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17 (source)
- Exploit for CrushFTP RCE chain released, patch now (source)
- Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits (source)