Over 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability

2 days ago 19

Sep 19, 2023THNNetwork Security / Exploit

RCE Vulnerability

New probe has recovered that adjacent to 12,000 internet-exposed Juniper firewall devices are susceptible to a precocious disclosed distant codification execution flaw.

VulnCheck, which discovered a caller exploit for CVE-2023-36845, said it could beryllium exploited by an "unauthenticated and distant attacker to execute arbitrary codification connected Juniper firewalls without creating a record connected the system."

CVE-2023-36845 refers to a medium-severity flaw successful the J-Web constituent of Junos OS that could beryllium weaponized by a menace histrion to power certain, important situation variables. It was patched by Juniper Networks past period alongside CVE-2023-36844, CVE-2023-36846, and CVE-2023-36847 successful an out-of-cycle update.


A consequent proof-of-concept (PoC) exploit devised by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload a PHP record containing malicious shellcode and execute codification execution.

The latest exploit, connected the different hand, impacts older systems and tin beryllium written utilizing a azygous cURL command. Specifically, it relies connected conscionable CVE-2023-36845 to recognize the aforesaid objective.

RCE Vulnerability

This, successful turn, is accomplished by utilizing the modular input watercourse (aka stdin) to acceptable the PHPRC situation adaptable to "/dev/fd/0" via a specially crafted HTTP request, efficaciously turning "/dev/fd/0" into a makeshift file, and leak delicate information.

Arbitrary codification execution is past achieved by leveraging PHP's auto_prepend_file and allow_url_include options successful conjunction with the data:// protocol wrapper.


Identity is the New Endpoint: Mastering SaaS Security successful the Modern Age

Dive heavy into the aboriginal of SaaS information with Maor Bin, CEO of Adaptive Shield. Discover wherefore individuality is the caller endpoint. Secure your spot now.

Supercharge Your Skills

"Firewalls are absorbing targets to APT arsenic they assistance span into the protected web and tin service arsenic utile hosts for C2 infrastructure," Jacob Baines said. "Anyone who has an unpatched Juniper firewall should analyse it for signs of compromise."

Juniper has since disclosed that it's not alert of a palmy exploit against its customers, but warned that it has detected exploitation attempts successful the wild, making it imperative that users use the indispensable fixes to mitigate imaginable threats.

Found this nonfiction interesting? Follow america connected Twitter and LinkedIn to work much exclusive contented we post.

Read Entire Article