Home Security New Juniper Junos OS Flaws Expose Gadgets to Distant Assaults

New Juniper Junos OS Flaws Expose Gadgets to Distant Assaults

by crpt os


Aug 19, 2023THNNetwork Security / Vulnerability

Networking hardware company Juniper Networks has released an “out-of-cycle” security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations.

The four vulnerabilities have a cumulative CVSS rating of 9.8, making them Critical in severity. They affect all versions of Junos OS on SRX and EX Series.

“By chaining exploitation of these vulnerabilities, an unauthenticated, network-based attacker may be able to remotely execute code on the devices,” the company said in an advisory released on August 17, 2023.

Cybersecurity

The J-Web interface allows users to configure, manage, and monitor Junos OS devices. A brief description of the flaws is as follows –

  • CVE-2023-36844 and CVE-2023-36845 (CVSS scores: 5.3) – Two PHP external variable modification vulnerabilities in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain, important environments variables.
  • CVE-2023-36846 and CVE-2023-36847 (CVSS scores: 5.3) – Two missing authentications for critical function vulnerabilities in Juniper Networks Junos OS on EX Series and SRX Series allow an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

A threat actor could send a specially crafted request to modify certain PHP environment variables or upload arbitrary files via J-Web sans any authentication to successfully exploit the aforementioned issues.

Cybersecurity

The vulnerabilities have been addressed in the below versions –

  • EX Series – Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1
  • SRX Series – Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1

Users are recommended to apply the necessary fixes to mitigate potential remote code execution threats. As a workaround, Juniper Networks is suggesting that users either disable J-Web or limit access to only trusted hosts.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex