A serious security concern has arisen in Juniper network infrastructure, potentially putting an estimated 12,000 Juniper SRX firewalls and EX switches at risk. The vulnerability allows a fileless remote code execution (RCE) attack, and, more concerning still, it can be exploited without user authentication. In this blog, we will delve into the details of this vulnerability, its impact, and, most importantly, how to safeguard your systems effectively.
In August, Juniper issued a security advisory highlighting several vulnerabilities, each initially rated as ‘medium’ severity. When these vulnerabilities are combined, however, the overall threat level rises to a critical severity rating of 9.8. Security researchers then wasted no time in releasing proof-of-concept (PoC) exploits that demonstrate a streamlined method of exploitation.
The vulnerability affects multiple versions of Junos OS on the EX Series and SRX Series. Even though a security update addressing the vulnerability was released in August, the initial lower severity rating may have led to delayed adoption by users.
The CVE-2023-36845 vulnerability impacts the following versions of Junos OS on EX Series and SRX Series:
At Nuspire, we take cybersecurity seriously. We proactively apply patches as soon as they are released, following vendor recommendations to ensure the security of our clients. Additionally, we actively engage in threat hunting within client environments to swiftly identify any indications of compromise and neutralize emerging threats.
Given the newly discovered impact of the combined vulnerabilities, organizations that use Juniper SRX firewalls and EX switches should act quickly:
The Juniper RCE vulnerability poses a significant threat to the security and integrity of network infrastructures. Understanding its gravity and taking swift, proactive measures is the key to mitigating risks and ensuring the safety of your systems and data. Stay secure, stay vigilant and stay protected against evolving cyber threats.