Connect with us

Hi, what are you looking for?



Flaws in Juniper Switches and Firewalls Can Be Chained for Remote Code Execution

Juniper Networks has released Junos OS updates to address J-Web vulnerabilities that can be combined to achieve unauthenticated, remote code execution.

Networking appliances maker Juniper Networks has announced patches for four vulnerabilities in the J-Web interface of Junos OS, which could be combined for unauthenticated, remote code execution.

Tracked as CVE-2023-36844 through CVE-2023-36847, the bugs have a severity rating of ‘medium’. Their chained exploitation, however, is rated ‘critical severity’, Juniper warns in an advisory.

“By chaining exploitation of these vulnerabilities, an unauthenticated, network-based attacker may be able to remotely execute code on the devices,” the company notes.

CVE-2023-36844 and CVE-2023-36845 are described as PHP external variable modification flaws that could allow remote attackers to control environment variables, without authentication.

“Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities,” Juniper explains.

CVE-2023-36846 and CVE-2023-36847 are described as missing authentication issues that could allow an attacker to upload arbitrary files, leading to impact on file system integrity.

“With a specific request that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities,” Juniper notes.

Disabling the J-Web interface, or limiting access to trusted hosts only should prevent exploitation of these issues, the company says.

Advertisement. Scroll to continue reading.

The vulnerabilities impact the SRX series firewalls and EX series switches running Junos OS versions prior to 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1.

SRX series and EX series users are advised to update their appliances to the latest Junos OS iterations as soon as possible.

Juniper makes no mention of these vulnerabilities being exploited in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) warns that the exploitation of these vulnerabilities could lead to denial-of-service (DoS) conditions.

Related: Juniper Networks Patches High-Severity Vulnerabilities in Junos OS

Related: Juniper Networks Patches Critical Third-Party Component Vulnerabilities

Related: Juniper Networks Kicks Off 2023 With Patches for Over 200 Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights