Indiscriminate, opportunistic targeting.
Juniper Networks has disclosed details of two security flaws affecting its SRX and EX Series devices:
- CVE-2023-36845 (CVSSv3 score: 5.3): A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series.
- CVE-2023-36846 (CVSSv3 score: 5.3): A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series.
Successful exploitation of CVE-2023-36845 and CVE-2023-36846 together allows an unauthenticated threat actor to impact the file system integrity and allows for remote code execution (RCE).
Successful exploitation of CVE-2023-36845 alone allows unauthenticated threat actors to control important environment variables and display sensitive data. This also allows for RCE.
Juniper Networks has released security updates for the affected product versions. Devices still running earlier versions remain vulnerable to potential exploitation.
CVE-2023-36845 and CVE-2023-36846 affect Juniper Networks Junos OS on the SRX Series and EX Series versions listed below:
- All versions prior to 20.4R3-S8
- 21.1 version 21.1R1 and later versions
- 21.2 versions prior to 21.2R3-S6
- 21.3 versions prior to 21.3R3-S5
- 21.4 versions prior to 21.4R3-S5
- 22.1 versions prior to 22.1R3-S3
- 22.2 versions prior to 22.2R3-S2
- 22.3 versions prior to 22.3R2-S2, 22.3R3
- 22.4 versions prior to 22.4R2-S1, 22.4R3.
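To check a device inventory against the list above, the following Python example (added here; it is not from Juniper or the original advisory) classifies a Junos version string as affected or not. It assumes that an entry naming two releases, such as "22.3R2-S2, 22.3R3", lists two fixed releases, and it returns `None` for release trains this page does not list. The hostnames and versions in `SAMPLE` are constructed.

```python
import re

# Fixed releases per train as (R, S) pairs, transcribed from the list above.
# An empty list means the page names no fixed release for that train.
FIXED = {
    (20, 4): [(3, 8)], (21, 1): [],
    (21, 2): [(3, 6)], (21, 3): [(3, 5)], (21, 4): [(3, 5)],
    (22, 1): [(3, 3)], (22, 2): [(3, 2)],
    (22, 3): [(2, 2), (3, 0)],  # assumption: two fixed releases
    (22, 4): [(2, 1), (3, 0)],  # assumption: two fixed releases
}
OLDEST_TRAIN = min(FIXED)

# Matches e.g. "21.4R3-S4.9"; a trailing build number is ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:R(\d+)(?:-S(\d+))?)?")

def is_affected(version):
    """True/False per the list above; None if the train is not listed."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    train = (int(m[1]), int(m[2]))
    if train < OLDEST_TRAIN:
        return True   # "All versions prior to 20.4R3-S8"
    if train not in FIXED:
        return None   # train not covered by this page
    fixed = FIXED[train]
    if not fixed:
        return True   # 21.1R1 and later: no fixed release listed
    if m[3] is None:
        raise ValueError(f"no R-release in {version!r}")
    rel = (int(m[3]), int(m[4] or 0))
    # Patched if at or past a listed service release on the same R-release,
    # or at or past the newest listed release for the train.
    same_r = any(rel[0] == r and rel[1] >= s for r, s in fixed)
    return not (same_r or rel >= max(fixed))

def audit(inventory):
    """Map each hostname to its affected status."""
    return {host: is_affected(ver) for host, ver in inventory.items()}

# Constructed inventory for illustration only.
SAMPLE = {
    "srx-edge-01": "20.4R3-S7.2",
    "srx-edge-02": "22.3R2-S2",
    "ex-core-01": "21.1R3-S5",
    "ex-core-02": "23.2R1",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, {True: "AFFECTED", False: "patched", None: "not listed"}[status])
```

A `None` result means the train has to be checked against the Juniper Networks Advisory directly, not that the device is safe.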
Containment, Mitigations & Remediations
It is highly recommended that all organisations apply the relevant security patches as soon as possible. If these patches cannot be applied immediately, organisations are advised to disable J-Web or limit access to trusted hosts only.
More information can be found in the Juniper Networks Advisory.
Indicators of Compromise
There are no specific Indicators of Compromise (IoCs) available currently.
Juniper Networks is a multinational corporation that develops and sells networking products that many clients use across the world. A few notable exploits have been disclosed by Juniper Networks recently and, as some products are still unpatched, many could become prime targets for threat actors. This could lead to unpatched products being exploited in an attempt to view and exfiltrate sensitive data.
No attribution to specific threat actors or groups has been identified at the time of writing.
Common Weakness Enumeration (CWE):
CWE-473 – PHP External Variable Modification
CWE-306 – Missing Authentication for Critical Function