19 September 2023

Over 10,000 Juniper firewalls vulnerable to recently disclosed RCE flaw


Nearly 12,000 Juniper SRX firewalls and EX switches are vulnerable to attacks exploiting a recently disclosed flaw that allows a remote attacker to achieve remote code execution without creating a file on the system.

The bug, tracked as CVE-2023-36845, is an input validation issue in the J-Web component of Junos OS that can be used to modify the values of certain PHP environment variables and alter the application's behavior. The vendor fixed the flaw in August of this year along with a slew of other vulnerabilities (CVE-2023-36844, CVE-2023-36846, CVE-2023-36847, and CVE-2023-36851).

According to researchers at watchTowr, when chained together, these bugs could allow remote code execution. A proof-of-concept (PoC) exploit created by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload a PHP file containing malicious shellcode and achieve code execution.

Now, experts at VulnCheck have devised another PoC that relies on CVE-2023-36845 alone to achieve fileless, unauthenticated remote code execution and establish a reverse shell.

“Firewalls are interesting targets to APT as they help bridge into the protected network and can serve as useful hosts for C2 infrastructure. Anyone who has an unpatched Juniper firewall should examine it for signs of compromise,” the researchers wrote, adding that they have seen evidence of exploitation in the wild, “and given how slow patching is going, we suspect this will be a useful exploit for attackers for quite some time.”
