Network hardware company Juniper Networks has released an “out of cycle” security update to address multiple flaws in the J-Web component of Junos OS. The combination of these flaws could lead to remote code execution on susceptible installations.
The four vulnerabilities have a combined CVSS score of 9.8 when chained, which rates as Critical. They affect all versions of Junos OS on the SRX and EX series prior to the fixed releases listed below.
“A chain of exploits of these vulnerabilities could allow an unauthenticated, network-based attacker to remotely execute code on the device,” the company said in an advisory released on August 17, 2023.
The J-Web interface allows users to configure, manage, and monitor Junos OS devices over HTTP/HTTPS. A brief description of the flaws follows:
- CVE-2023-36844 and CVE-2023-36845 (CVSS score: 5.3) – Two PHP External Variable Modification vulnerabilities in J-Web of Juniper Networks Junos OS on EX Series and SRX Series that could allow an unauthenticated, network-based attacker to control certain important environment variables.
- CVE-2023-36846 and CVE-2023-36847 (CVSS score: 5.3) – Two Missing Authentication for Critical Function vulnerabilities in Juniper Networks Junos OS on EX Series and SRX Series that could allow an unauthenticated, network-based attacker to cause limited impact to file system integrity.
To exploit these issues, a threat actor could send specially crafted requests to J-Web that modify certain PHP environment variables or upload arbitrary files, in both cases without authentication. Chaining the two classes of bug is what turns two medium-severity issues into unauthenticated remote code execution.
The vulnerability has been resolved in the following versions:
- EX series – Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1
- SRX series – Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1
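The fixed-release lists differ between EX and SRX for the 21.4 and 22.2 trains, so a quick triage script helps when checking a fleet. The following is an added example, not code from the article or from Juniper. It encodes the lists above, parses the `Junos:` line of `show version` output (the sample output is constructed, not captured from a device), and reports whether a running release is at or beyond the earliest fixed release in its train. Assumptions: version strings follow the `major.minorRrelease[-Sservice][.build]` pattern, a later service or R release in the same train carries the fix, trains older than 20.4 are reported vulnerable because the advisory states all earlier versions are affected, and trains the advisory does not list are reported as unknown rather than guessed.

```python
import re

# Fixed releases from the advisory summary above, keyed by platform.
# Note the EX and SRX lists differ for the 21.4 and 22.2 trains.
FIXED = {
    "EX":  ["20.4R3-S8", "21.2R3-S6", "21.3R3-S5", "21.4R3-S4", "22.1R3-S3",
            "22.2R3-S1", "22.3R2-S2", "22.3R3", "22.4R2-S1", "22.4R3", "23.2R1"],
    "SRX": ["20.4R3-S8", "21.2R3-S6", "21.3R3-S5", "21.4R3-S5", "22.1R3-S3",
            "22.2R3-S2", "22.3R2-S2", "22.3R3", "22.4R2-S1", "22.4R3", "23.2R1"],
}

# <major>.<minor>R<release>[-S<service>][.<build>]; the build suffix is ignored.
# Assumption: other naming schemes (e.g. X/D branch releases) are not handled.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_version(version):
    """Split '21.4R3-S3.4' into train (21, 4) and release (3, 3)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0))


def fixed_by_train(platform):
    """Map each release train to its earliest fixed (R, S) release."""
    table = {}
    for v in FIXED[platform]:
        train, rel = parse_version(v)
        table[train] = min(rel, table.get(train, rel))
    return table


def status(version, platform):
    """Return 'fixed', 'vulnerable' or 'unknown' for a running version."""
    table = fixed_by_train(platform.upper())
    train, rel = parse_version(version)
    if train in table:
        # Service releases at or after the fix within the same R carry the fix,
        # as does any later R in the same train (assumption stated in lead-in).
        return "fixed" if rel >= table[train] else "vulnerable"
    if train < min(table):
        # The advisory says all earlier versions are affected and lists no
        # fixed release for these trains, so the only remedy is an upgrade.
        return "vulnerable"
    # A train the advisory does not list: do not guess, check the advisory.
    return "unknown"


# Constructed sample of 'show version' output, not captured from a real device.
SAMPLE_SHOW_VERSION = """\
Hostname: branch-fw01
Model: srx300
Junos: 21.4R3-S3.4
JUNOS Software Release [21.4R3-S3.4]
"""


def version_from_show_version(text):
    """Pull the Junos version string out of 'show version' output."""
    m = re.search(r"^Junos:\s*(\S+)", text, re.M)
    if m is None:
        m = re.search(r"JUNOS Software Release \[([^\]]+)\]", text)
    if m is None:
        raise ValueError("no Junos version found in output")
    return m.group(1)


if __name__ == "__main__":
    v = version_from_show_version(SAMPLE_SHOW_VERSION)
    print(f"{v} on SRX: {status(v, 'SRX')}")
    for ver, plat in [("21.4R3-S4", "EX"), ("21.4R3-S4", "SRX"), ("22.3R3", "EX"),
                      ("19.4R3-S9", "SRX"), ("23.4R1", "EX")]:
        print(f"{ver} on {plat}: {status(ver, plat)}")
```

The 21.4R3-S4 case is the one worth noticing: it is fixed on EX but still vulnerable on SRX, which is exactly the kind of per-platform difference a hand check tends to miss.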
Users are encouraged to apply the fixes to remove the risk of unauthenticated remote code execution. Until a device can be upgraded, Juniper Networks suggests disabling J-Web or limiting access to it to trusted hosts only.
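Both workarounds can be expressed in a few lines of Junos configuration. The following is an added example, not configuration from the article or from Juniper's advisory: the filter name `PROTECT-RE`, the term names and the trusted management range `192.0.2.0/24` are placeholders to be replaced with your own values, and the filter assumes J-Web is listening on the default http/https ports (adjust `destination-port` if a custom `port` is configured under `web-management`).

```junos
## Option 1: remove J-Web entirely (preferred where it is not needed)
delete system services web-management
commit comment "disable J-Web pending Junos upgrade"

## Option 2: keep J-Web but only accept it from a trusted management range.
## The filter is applied to lo0, so it sees every packet addressed to the
## Routing Engine; the final accept term keeps SSH, routing protocols and
## other management traffic working.
set firewall family inet filter PROTECT-RE term jweb-trusted from source-address 192.0.2.0/24
set firewall family inet filter PROTECT-RE term jweb-trusted from protocol tcp
set firewall family inet filter PROTECT-RE term jweb-trusted from destination-port [ http https ]
set firewall family inet filter PROTECT-RE term jweb-trusted then accept
set firewall family inet filter PROTECT-RE term jweb-deny from protocol tcp
set firewall family inet filter PROTECT-RE term jweb-deny from destination-port [ http https ]
set firewall family inet filter PROTECT-RE term jweb-deny then syslog
set firewall family inet filter PROTECT-RE term jweb-deny then discard
set firewall family inet filter PROTECT-RE term everything-else then accept
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
commit comment "restrict J-Web to trusted hosts pending Junos upgrade"
```

On SRX, also check which zones allow J-Web in as host-inbound traffic: `http` and `https` should not appear under `host-inbound-traffic system-services` for any untrusted zone (for example `delete security zones security-zone untrust host-inbound-traffic system-services https`). Whichever option is used, it is a stopgap: the filter reduces exposure to hosts that can already reach the management range, and only the fixed releases remove the flaws.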