Attackers can execute their own commands on Juniper firewalls and switches

Attackers can exploit vulnerabilities in the Junos OS network operating system and thereby gain access to certain Juniper firewalls and switches. However, most of the security patches have not yet been released. It is currently unknown whether attacks are already taking place.


In a security advisory, the developers write that the vulnerabilities (CVE-2023-36846 "medium", CVE-2023-36851 "medium", CVE-2024-21620 "high", CVE-2024-21619 "medium") affect all Junos OS releases for SRX series firewalls and EX series switches.

The vulnerabilities affect the J-Web component. The advisory reads as though a device is only vulnerable if the configuration statement [system services web-management http] or [system services web-management https] is active.

Through the vulnerability classified as the most dangerous, attackers can execute their own commands as part of a cross-site scripting (XSS) attack. Depending on the victim's privileges, this may also be possible with admin rights. It is not clear from the description whether this is a persistent XSS attack. To trigger an attack, a victim must click on a URL crafted by the attacker.

In the other cases, attackers can compromise the integrity of the file system without authentication. So far, only Junos OS 20.4R3-S9, 21.3R3-S5, 23.2R1-S2 and 23.4R1 have appeared as versions protected against the attacks. Further security patches have been announced, but Juniper has not yet given a specific date. The developers point out that end-of-life (EoL) editions will no longer receive security updates; admins should upgrade those devices.
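For admins who want to triage a fleet against this advisory, the following added example (not code from Juniper or from the article) combines the two checks the text implies: whether J-Web is configured at all (the `web-management http`/`https` precondition named above) and whether the running release is one of the fixed versions listed. It assumes the configuration is supplied in Junos `show configuration | display set` format, that the release string comes from `show version`, and (an assumption the article does not state) that later releases on the same release train carry the fix; a train with no listed fix is reported as such rather than guessed at. The sample configuration and version string are constructed for the example.

```python
import re

# Fixed releases named in the advisory summary above.
FIXED_RELEASES = ["20.4R3-S9", "21.3R3-S5", "23.2R1-S2", "23.4R1"]

# Junos release strings look like 21.3R3-S5 (major.minor, R release, optional S service release).
_VER_RE = re.compile(r"(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_junos_version(text):
    """Return (major, minor, R, S) from a string such as '21.3R3-S5' or 'Junos: 23.4R1'."""
    m = _VER_RE.search(text)
    if not m:
        raise ValueError(f"no Junos release string in {text!r}")
    major, minor, r, s = m.groups()
    return (int(major), int(minor), int(r), int(s or 0))


def jweb_exposure(set_config):
    """Report which J-Web listeners are configured, given 'display set' output.

    'http\\b' deliberately does not match 'https' (no word boundary between p and s).
    """
    http = bool(re.search(r"^set system services web-management http\b", set_config, re.M))
    https = bool(re.search(r"^set system services web-management https\b", set_config, re.M))
    return {"http": http, "https": https}


def patch_status(running, fixed_releases=FIXED_RELEASES):
    """Compare the running release with the fixed release on the same train (major.minor)."""
    run = parse_junos_version(running)
    same_train = [parse_junos_version(f) for f in fixed_releases
                  if parse_junos_version(f)[:2] == run[:2]]
    if not same_train:
        return "no-fix-listed"  # the advisory names no fixed release for this train yet
    # Assumption (not stated in the article): later releases on a train include the fix.
    return "patched" if run >= min(same_train) else "vulnerable"


def assess(set_config, version_text):
    """Combine the J-Web precondition with the patch status into a single risk label."""
    exposure = jweb_exposure(set_config)
    status = patch_status(version_text)
    if not (exposure["http"] or exposure["https"]):
        risk = "not-exposed"  # the J-Web precondition from the advisory is absent
    elif status == "patched":
        risk = "exposed-but-patched"
    else:
        risk = "exposed-and-unpatched"
    return {"jweb": exposure, "patch": status, "risk": risk}


# Constructed sample input: J-Web over HTTPS enabled on a device one service release behind the fix.
SAMPLE_SET_CONFIG = """\
set system services ssh
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
"""
SAMPLE_VERSION = "Junos: 21.3R3-S4"

if __name__ == "__main__":
    print(assess(SAMPLE_SET_CONFIG, SAMPLE_VERSION))
```

The report distinguishes three outcomes: a device without any J-Web listener is outside the advisory's stated precondition, a device on a listed fixed release (or later on the same train) is treated as patched, and everything else, including trains for which Juniper has not yet published a fix, is flagged for follow-up. Removing the `web-management` statements, or restricting them to a management interface, is the interim option for the unpatched trains.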

