19 September 2023

Over 10,000 Juniper firewalls vulnerable to recently disclosed RCE flaw



Nearly 12,000 Juniper SRX firewalls and EX switches are vulnerable to attacks exploiting a recently disclosed flaw that allows a remote attacker to achieve remote code execution without creating a file on the system.

The bug, tracked as CVE-2023-36845, is an input validation issue in the J-Web component of Junos OS that can be used to modify the values of certain PHP environment variables and alter the application's behavior. The vendor fixed the flaw in August of this year along with a slew of other vulnerabilities (CVE-2023-36844, CVE-2023-36846, CVE-2023-36847, and CVE-2023-36851).

According to researchers at watchTowr, when chained together, these bugs could allow remote code execution. A proof-of-concept (PoC) exploit created by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload a PHP file containing malicious shellcode and achieve code execution.

Now, experts at VulnCheck have devised another PoC exploit that relies on CVE-2023-36845 to achieve fileless, unauthenticated remote code execution and establish a reverse shell.

“Firewalls are interesting targets to APT as they help bridge into the protected network and can serve as useful hosts for C2 infrastructure. Anyone who has an unpatched Juniper firewall should examine it for signs of compromise,” the researchers wrote, adding that they have seen evidence of exploitation in the wild, “and given how slow patching is going, we suspect this will be a useful exploit for attackers for quite some time.”
