2023-08-29 13:16:39
Exploit for Juniper SRX – vaccine against remote code or instructions for hackers?
The story of four vulnerabilities: why CISA insists on updating firewalls.
Vulnerabilities that allow remote code execution without authorization were recently discovered in Juniper SRX firewalls. The threat affects devices running a non-updated version of the JunOS operating system.
Juniper Networks disclosed four medium-severity defects in its EX-series switches and SRX firewalls two weeks ago. Patches have already been released to fix the problems.
The vulnerabilities were found in the J-Web interface, which is written in PHP. Administrators use it to manage and configure Juniper devices on their networks. The interface is vulnerable because of flaws in its authentication processes and in how it interacts with the file system.
The company pointed out that “using a specific request that does not require authentication, an attacker can download arbitrary files via J-Web. This results in the loss of integrity of a certain part of the file system. The vulnerabilities can then be combined with each other.”
WatchTowr Labs researchers developed and published an exploit. An exploit (from the English "exploit", meaning "to use something to your advantage") is a computer program, a piece of program code or a sequence of commands that uses a bug or vulnerability to attack computer software, hardware or electronic devices. The goal of such an attack is to take control of a computer system, escalate privileges, or cause a denial of service (DoS, or the related DDoS).
Exploits are usually classified and named according to: the type of vulnerability they exploit; whether they are local or remote; as well as the result of running an exploit (for example, EoP, DoS, spoofing). One scheme that offers zero-day exploits is Exploit-as-a-Service.