19 September 2023

Over 10,000 Juniper firewalls vulnerable to recently disclosed RCE flaw


Nearly 12,000 Juniper SRX firewalls and EX switches are vulnerable to attacks exploiting a recently disclosed flaw that allows a remote attacker to achieve remote code execution without creating a file on the system.

The bug, tracked as CVE-2023-36845, is an input validation issue in the J-Web component of Junos OS that can be used to modify the values of certain PHP environment variables and alter the application's behavior. The vendor fixed the flaw in August of this year, along with a slew of other vulnerabilities (CVE-2023-36844, CVE-2023-36846, CVE-2023-36847, and CVE-2023-36851).

According to researchers at watchTowr, when chained together, these bugs could allow remote code execution. A proof-of-concept (PoC) exploit created by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload a PHP file containing malicious shellcode and achieve code execution.

Now, experts at VulnCheck have devised another PoC that relies on CVE-2023-36845 to achieve fileless, unauthenticated remote code execution and establish a reverse shell.

“Firewalls are interesting targets to APT as they help bridge into the protected network and can serve as useful hosts for C2 infrastructure. Anyone who has an unpatched Juniper firewall should examine it for signs of compromise,” the researchers wrote, adding that they have seen evidence of exploitation in the wild, “and given how slow patching is going, we suspect this will be a useful exploit for attackers for quite some time.”
