Emerging Vulnerabilities in Juniper Junos OS Put Devices at Risk of Remote Exploitation
| Product and Affected Versions: Juniper Networks has released an “out-of-cycle” security update to address multiple vulnerabilities in the J-Web component of Junos OS. The affected products and versions are as follows: Product: Junos OS on SRX and EX Series Affected Versions: All versions of Junos OS on SRX and EX Series |
| Severity and CVE IDs: The four vulnerabilities have a cumulative CVSS rating of 9.8, indicating Critical severity. The specific CVE IDs for each vulnerability are as follows: CVE-2023-36844: PHP external variable modification vulnerability in J-Web of Junos OS on EX Series and SRX Series (CVSS score: 5.3) CVE-2023-36845: PHP external variable modification vulnerability in J-Web of Junos OS on EX Series and SRX Series (CVSS score: 5.3) CVE-2023-36846: Missing authentication for critical function vulnerability in Junos OS on EX Series and SRX Series (CVSS score: 5.3) CVE-2023-36847: Missing authentication for critical function vulnerability in Junos OS on EX Series and SRX Series (CVSS score: 5.3) |
| Vulnerability: PHP External Variable Modification Vulnerabilities (CVE-2023-36844 and CVE-2023-36845): These vulnerabilities allow an unauthenticated, network-based attacker to control certain important environment variables in the J-Web of Junos OS on EX Series and SRX Series devices. Missing Authentications for Critical Function Vulnerabilities (CVE-2023-36846 and CVE-2023-36847): These vulnerabilities enable an unauthenticated, network-based attacker to cause limited impact to the file system integrity in Junos OS on EX Series and SRX Series devices. |
| How Attack Works: A threat actor can exploit the vulnerabilities by sending specially crafted requests to the J-Web interface. For the PHP external variable modification vulnerabilities, the attacker can manipulate certain environment variables. For the missing authentication vulnerabilities, the attacker can exploit critical functions without authentication, leading to potential impacts on the file system integrity. |
| Remediations: EX Series: Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1 SRX Series: Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1 Users are recommended to apply the necessary updates to mitigate potential remote code execution threats. As a workaround, Juniper Networks suggests that users either disable J-Web or limit access to only trusted hosts. |
| Reference: Juniper Network Advisory CVE-2023-36844 CVE-2023-36845 CVE-2023-36846 CVE-2023-36847 |
