Version 1.0: Proof-of-Concept Exploit Released for Vulnerabilities in Juniper Firewalls and Switches

A comprehensive technical description and a Proof-of-Concept (PoC) exploit for vulnerabilities in Juniper’s Junos OS, specifically targeting the SRX (Firewalls) and EX (Switches) series, were published by watchTowr on August 25. The disclosed content focuses on vulnerabilities within the J-Web component, which the manufacturer had only recently announced on August 17. Juniper has not yet provided patches for all affected versions. These security flaws allow an attacker to execute code without authentication when exploited in combination. Although each of the four vulnerabilities is rated with a CVSS of 5.3 (“medium”), their combined impact, according to Juniper Networks, results in a score of 9.8 (“critical”).

CVE-2023-36844 and CVE-2023-36845 These vulnerabilities enable a network-based attacker to modify crucial environment variables without requiring authentication.

CVE-2023-36846 and CVE-2023-36847 These vulnerabilities empower attackers to upload arbitrary files through J-Web with a specific request, all without the need for authentication. This upload capability leads to a loss of integrity for a specific portion of the file system.

As these vulnerabilities have the potential to compromise the security and integrity of affected systems, users are advised to take prompt action and implement any available patches provided by Juniper. It is crucial to address these vulnerabilities to prevent potential unauthorized code execution and maintain the overall security of Juniper’s SRX and EX series devices.