One month after a patch release, the vast majority of Juniper's SRX firewalls and EX series switches remain vulnerable to a group of flaws that, when combined, can lead to remote code execution, according to threat intelligence platform vendor VulnCheck.
In its findings, reported by The Register, VulnCheck says that on August 17, Juniper announced that it had found and patched five separate vulnerabilities affecting all versions of the Junos operating system on SRX firewalls and EX series switches.
These vulnerabilities are now tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847, and CVE-2023-36851. While individually they have a severity rating of 5.3, collectively they earned a rating of 9.8 and are considered critical. Some researchers say that by chaining these five together, threat actors are able to perform remote code execution, which could lead to a whole host of other problems, such as malware distribution. Other researchers believe that chaining just a few of them is enough.
Exploiting known flaws
Now, one month later, approximately four in five Juniper SRX firewalls and EX series switches (79%) have yet to be patched and remain vulnerable to these flaws. To make matters worse, more than ten days ago Juniper updated its security advisory to say that it had observed threat actors attempting to exploit these flaws.
Extensive research shows that hackers are more likely to abuse older, well-known flaws than to discover their own zero-day vulnerabilities. Older flaws already have public proof-of-concept code and are easy to exploit, especially given that many companies are not diligent about applying patches and updates.
To stay safe, companies are advised to apply new fixes and patches as soon as they launch or have a robust patching schedule to stick to.
If you are unsure whether or not your firewall is vulnerable to CVE-2023-36845, VulnCheck has released a free scan tool that you can find at this link.