Thousands of Juniper Appliances Vulnerable to New Exploit 

VulnCheck details a new fileless exploit targeting a recent Junos OS vulnerability that thousands of devices have not been patched against.

Threat intelligence firm VulnCheck has published details on a new exploit targeting a recent Junos OS vulnerability and says that thousands of Juniper Networks appliances that have not been patched are at risk.

The flaw, tracked as CVE-2023-36845, is described as a PHP environment variable manipulation issue in the J-Web interface of Juniper’s SRX series firewalls and EX series switches running specific Junos OS versions.

In mid-August, the networking appliances maker released patches for this bug and three other medium-severity issues, warning that an attacker could chain them to achieve remote code execution (RCE) on a vulnerable device, and that the exploit chain should be considered as having a ‘critical severity’ rating.

Roughly one week after Juniper’s patches and following the release of a proof-of-concept (PoC) exploit chaining two of the vulnerabilities, the first malicious attacks targeting the flaws were observed.

Now, VulnCheck says it has developed a new exploit that targets CVE-2023-36845 only, and which leads to RCE without chaining with other bugs.

What’s more, the threat intelligence firm says that the exploit allows an unauthenticated attacker to execute code without creating a file on the vulnerable Juniper appliance’s system, and that most of the internet-exposed Juniper devices remain vulnerable, as they have not been patched yet.

In devising the fileless attack, VulnCheck built on the previously released PoC exploit, which relied on uploading two files to the vulnerable appliance to achieve RCE.

VulnCheck discovered that it could leak sensitive information and achieve remote code execution via an HTTP request, by abusing legitimate FreeBSD functions (the vulnerable devices run FreeBSD) and without dropping a single file on the system.

“Just like that, by only using CVE-2023-36845, we’ve achieved unauthenticated and remote code execution without actually dropping a file on disk. Our private exploit establishes a reverse shell, but that’s quite trivial once you’ve reached this point,” VulnCheck notes.

To check the number of potentially affected devices that are exposed to the internet, VulnCheck performed a Shodan search, which returned roughly 15,000 results. An analysis of approximately 3,000 of these devices showed that 79% are not patched against CVE-2023-36845.

“Firewalls are interesting targets to APT as they help bridge into the protected network and can serve as useful hosts for [command-and-control] infrastructure. Anyone who has an unpatched Juniper firewall should examine it for signs of compromise,” VulnCheck notes.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
