Security News > 2023 > November > CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

The U.S. Cybersecurity and Infrastructure Security Agency has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August.

The agency on Monday added five vulnerabilities to the Known Exploited Vulnerabilities catalog, based on evidence of active exploitation -.

The vulnerabilities, per Juniper, could be fashioned into an exploit chain to achieve remote code execution on unpatched devices.

Juniper, in an update to its advisory on November 8, 2023, said it's "Now aware of successful exploitation of these vulnerabilities," recommending that customers update to the latest versions with immediate effect.

The development comes as Cyfirma disclosed that exploits for critical vulnerabilities are being offered for sale on darknet forums and Telegram channels.

"These vulnerabilities encompass elevation of privilege, authentication bypass, SQL injection, and remote code execution, posing significant security risks," the cybersecurity firm said, adding, "Ransomware groups are actively searching for zero-day vulnerabilities in underground forums to compromise a large number of victims."

News URL

https://thehackernews.com/2023/11/cisa-sets-deadline-patch-juniper-junos.html