Over 10,000 Juniper firewalls vulnerable to recently disclosed RCE flaw

Nearly 12,000 Juniper SRX firewalls and EX switches are vulnerable to attacks exploiting a recently disclosed flaw that allows a remote attacker to achieve remote code execution without creating a file on the system.

The bug, tracked as CVE-2023-36845, is an input validation issue in the J-Web component of Junos OS that can be used to modify the values of certain PHP environment variables and alter the application's behavior. The vendor fixed the flaw in August of this year along with a slew of other vulnerabilities (CVE-2023-36844, CVE-2023-36846, CVE-2023-36847, and CVE-2023-36851).

According to researchers at watchTowr, when chained together, these bugs could allow remote code execution. A proof-of-concept (PoC) exploit created by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload a PHP file containing malicious shellcode and achieve code execution.

Now, experts at VulnCheck have devised another PoC that relies on CVE-2023-36845 alone to achieve fileless, unauthenticated remote code execution and establish a reverse shell.

“Firewalls are interesting targets to APT as they help bridge into the protected network and can serve as useful hosts for C2 infrastructure. Anyone who has an unpatched Juniper firewall should examine it for signs of compromise,” the researchers wrote, adding that they have seen evidence of exploitation in the wild, “and given how slow patching is going, we suspect this will be a useful exploit for attackers for quite some time.”
