Thousands of Juniper devices extremely vulnerable

Some known vulnerabilities, not only together but sometimes individually, still pose a threat to thousands of Juniper devices connected to the Internet.

Approximately 12,000 Juniper SRX firewalls and EX Series switches running Junos OS remain highly vulnerable due to a combination of multiple vulnerabilities. Together they pose a serious threat, but some can be exploited individually for an RCE attack (Remote code execution).

Strong together

Overall, the five vulnerabilities all have a fairly light CVSS score of 5.3. However, when they are linked together, this number rises to the critical value of 9.8. Juniper already released this last month, including a number of solutions. This message was last updated on September 7th.

The link was first discovered by security firm watchTowr, which also recently warned Fortinet about several RCE vulnerabilities. They used the CVE-2023-36845 and CVE-2023-36846 vulnerabilities to upload two files to a vulnerable system, creating one RCE attack Initiate something.

Individual threat

Meanwhile, VulnCheck researchers have found out Jacob Baines that there is also a possibility to exploit a single vulnerability (CVE-2023-36845) for an RCE attack. He didn’t even have to upload a file. According to Baines, it is therefore necessary to re-evaluate the CVSS score of each vulnerability.

He shared a free scanner via GitHub to identify vulnerable systems. It turned out there were thousands. VulnCheck scans found that nearly four out of five online-connected Juniper systems are vulnerable to RCE attacks. That would be almost 12,000 in total.

More than a year ago, Juniper also suffered from several vulnerabilities at the same time. It is still advisable to implement updates as quickly as possible.