Critical Vulnerability Affecting Juniper Devices
19 September 2023
Juniper Networks has released a security update to address a series of five vulnerabilities in the J-Web component of Junos OS. When chained together, these vulnerabilities have a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
Successful chained exploitation of the vulnerabilities could allow an unauthenticated attacker to remotely execute code on vulnerable devices. These vulnerabilities are reportedly being actively exploited as part of an exploit chain.
Details of the vulnerabilities are as follows:
PHP Environment Variable Manipulation (CVE-2023-36844/CVE-2023-36845) - An unauthenticated attacker is able to utilise a specially crafted request to modify certain PHP environment variables, leading to a partial loss of integrity, which may allow chaining to other vulnerabilities.
Missing Authentication for Critical Function (CVE-2023-36846/CVE-2023-36847/CVE-2023-36851) - An unauthenticated attacker is able to upload arbitrary files via J-Web with a specially crafted request, leading to a partial loss of file system integrity, which may allow chaining to other vulnerabilities.
The vulnerabilities affect the following versions of Junos OS on the SRX Series (firewalls) and EX Series (switches):
Critical vulnerabilities

| Product | Affected versions |
|---|---|
| Juniper Networks Junos OS on SRX Series | All versions prior to 20.4R3-S8 |
| Juniper Networks Junos OS on EX Series | All versions prior to 20.4R3-S8 |
Users and administrators of affected product versions are advised to update to the latest version immediately.
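As an added example that is not part of this advisory and not a Juniper tool, the following Python script parses Junos release strings (for example `20.4R3-S8`) into comparable tuples and flags inventory entries that fall before the 20.4R3-S8 threshold given above. Only that 20.4 fixed release comes from this page; the per-train lookup table, the platform filter and the sample inventory are assumptions constructed for the example, and devices on later release trains are reported as `unknown` so they can be checked against the Juniper bulletin linked below rather than guessed at.

```python
import re
from typing import Dict, List, Tuple

# Junos release strings look like "20.4R3-S8":
# <major>.<minor>R<release>[-S<service release>][.<build>]
JUNOS_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")

# Threshold stated in this advisory for the SRX and EX Series.
MINIMUM_FIXED = "20.4R3-S8"

# Per-train fixed releases. Only the 20.4 value is on this page; later trains
# are resolved from the vendor bulletin, so they are deliberately left out.
FIXED_BY_TRAIN: Dict[str, str] = {"20.4": MINIMUM_FIXED}

# Platforms named in the advisory (assumed filter; other platforms are reported out of scope).
IN_SCOPE_PLATFORMS = ("SRX", "EX")


def parse_junos_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '20.4R3-S8' into (20, 4, 3, 8). A release without -S is service release 0.
    A trailing build number is accepted but ignored for the comparison."""
    m = JUNOS_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, rel, svc, _build = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0))


def assess(platform: str, version: str) -> str:
    """Classify one device against this advisory.

    Returns 'affected', 'fixed', 'unknown' (a later release train this page does
    not cover; check the vendor bulletin) or 'out-of-scope' (platform not named)."""
    if platform.upper() not in IN_SCOPE_PLATFORMS:
        return "out-of-scope"
    v = parse_junos_version(version)
    if v < parse_junos_version(MINIMUM_FIXED):
        return "affected"
    train = f"{v[0]}.{v[1]}"
    fixed = FIXED_BY_TRAIN.get(train)
    if fixed is None:
        return "unknown"
    return "affected" if v < parse_junos_version(fixed) else "fixed"


def devices_needing_action(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, status) for every device that is affected or cannot be cleared."""
    return [(host, s) for host, plat, ver in inventory
            if (s := assess(plat, ver)) in ("affected", "unknown")]


# Constructed sample inventory (hostname, platform, Junos version); not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "SRX", "20.4R3-S7"),  # one service release short of the fix
    ("fw-edge-02", "SRX", "20.4R3-S8"),  # exactly the fixed release
    ("sw-core-01", "EX", "19.4R3-S4"),   # older train, clearly affected
    ("sw-core-02", "EX", "21.2R3"),      # later train: not covered by this page's threshold
    ("rtr-wan-01", "MX", "18.4R3"),      # platform not named in the advisory
]

if __name__ == "__main__":
    for host, status in devices_needing_action(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Run against the sample inventory it reports `fw-edge-01` and `sw-core-01` as affected and `sw-core-02` as unknown; a device whose version string does not match the expected pattern raises `ValueError` rather than being silently cleared, which is the safer failure mode for a patch-status check.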
More information is available here:
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution
https://www.bleepingcomputer.com/news/security/thousands-of-juniper-devices-vulnerable-to-unauthenticated-rce-flaw/