
New Juniper Junos OS Flaws Expose Devices to Remote Attacks


Aug 19, 2023  THN  Network Security / Vulnerability

Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be chained together to achieve remote code execution on susceptible installations.

The four vulnerabilities have a cumulative CVSS rating of 9.8 when chained, making them Critical in severity. Individually each is rated 5.3 (Medium). They affect all versions of Junos OS on SRX Series and EX Series devices.

"By chaining exploitation of these vulnerabilities, an unauthenticated, network-based attacker may be able to remotely execute code on the devices," the company said in an advisory released on August 17, 2023.

The J-Web interface is the browser-based GUI that allows users to configure, manage, and monitor Junos OS devices; it is implemented in PHP and served by the device's web-management service. A brief description of the flaws is as follows –

  • CVE-2023-36844 and CVE-2023-36845 (CVSS scores: 5.3) – Two PHP external variable modification vulnerabilities in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allow an unauthenticated, network-based attacker to control certain important environment variables.
  • CVE-2023-36846 and CVE-2023-36847 (CVSS scores: 5.3) – Two missing authentication for critical function vulnerabilities in Juniper Networks Junos OS on EX Series and SRX Series allow an unauthenticated, network-based attacker to cause limited impact to file system integrity.

To exploit these issues, a threat actor could send a specially crafted request to J-Web, without any authentication, that modifies certain PHP environment variables (CVE-2023-36844/36845) or uploads arbitrary files (CVE-2023-36846/36847). Neither class of bug is Critical on its own; the 9.8 rating reflects what an attacker can achieve by combining the two, since the file-upload flaws provide attacker-controlled content on the device and the environment-variable flaws provide a way to make the PHP interpreter act on it.

The vulnerabilities have been addressed in the following versions –

  • EX Series – Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1
  • SRX Series – Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1

Users are recommended to apply the necessary fixes to mitigate potential remote code execution threats. As a workaround until a fixed release can be installed, Juniper Networks suggests that users either disable J-Web or limit access to it to trusted hosts only. Because the flaws are reachable without authentication, any device whose J-Web listener is exposed to untrusted networks (in particular the internet) should be treated as a priority.
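As an added example (not from the Juniper advisory or the article), here is the workaround above expressed as Junos CLI configuration. The filter name PROTECT-RE, the prefix-list name MGMT-TRUSTED and the 192.0.2.0/24 management range are assumptions chosen for illustration; lines beginning with # are annotations for the reader, not CLI input.

```junos
# Check which release is running (compare against the fixed-version list above)
# and whether J-Web is enabled at all, before changing anything.
show version
show configuration system services web-management

# Option 1 (strongest): disable J-Web entirely. Removing the whole
# web-management stanza takes down both the HTTP and HTTPS listeners,
# so the vulnerable PHP code is no longer reachable from the network.
delete system services web-management
commit comment "Disable J-Web (out-of-cycle J-Web advisory workaround)"

# Option 2: keep J-Web, but only for trusted management hosts.
# Assumed: prefix-list MGMT-TRUSTED, filter PROTECT-RE, trusted range
# 192.0.2.0/24 (a documentation range; replace with your own).
set policy-options prefix-list MGMT-TRUSTED 192.0.2.0/24

# Accept HTTP/HTTPS to the Routing Engine only from the trusted range.
set firewall family inet filter PROTECT-RE term jweb-trusted from source-prefix-list MGMT-TRUSTED
set firewall family inet filter PROTECT-RE term jweb-trusted from protocol tcp
set firewall family inet filter PROTECT-RE term jweb-trusted from destination-port [ http https ]
set firewall family inet filter PROTECT-RE term jweb-trusted then accept

# Log and drop every other attempt to reach the J-Web ports. The log
# entries are useful for spotting scanning once the advisory is public.
set firewall family inet filter PROTECT-RE term jweb-deny from protocol tcp
set firewall family inet filter PROTECT-RE term jweb-deny from destination-port [ http https ]
set firewall family inet filter PROTECT-RE term jweb-deny then log
set firewall family inet filter PROTECT-RE term jweb-deny then discard

# A loopback input filter ends in an implicit discard, so a final accept
# term is required or SSH, BGP, OSPF, NTP and the rest would also be dropped.
set firewall family inet filter PROTECT-RE term allow-rest then accept

# Apply to lo0 so the filter governs all traffic destined to the RE,
# regardless of which physical interface it arrives on.
set interfaces lo0 unit 0 family inet filter input PROTECT-RE

# Commit with automatic rollback; confirm only after verifying you can
# still reach the device from a trusted host.
commit confirmed 5 comment "Restrict J-Web to MGMT-TRUSTED"
commit
```

If an input filter is already applied to lo0, merge these terms into it rather than replacing it, otherwise the existing protections are lost. On SRX Series there is a second control point: J-Web is only reachable on interfaces whose security zone lists http and/or https under host-inbound-traffic system-services, so remove those entries from any untrusted zone as well. Option 1 is the safer interim step because it leaves no code path to the vulnerable PHP handlers; either workaround should be followed by upgrading to one of the fixed releases listed above.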
