Thursday, June 13, 2024

Junos OS Flaw Allows Attackers to Flood System and Expose Sensitive Data

Three new vulnerabilities have been discovered in Junos OS: password disclosure, MAC address validation bypass, and Time-of-check Time-of-use (TOCTOU) Race Condition. The severity of these vulnerabilities ranges between 5.3 (Medium) to 6.1 (Medium).

Juniper Networks has released patches and security advisories for addressing these vulnerabilities. It is worth mentioning that there was a command injection vulnerability previously discovered in the SRX and EX series firewalls that affected more than 15,000 firewalls worldwide.

Vulnerability details

CVE-2023-44187: Passwords Disclosure

This vulnerability can be exploited by an authenticated threat actor with shell access to execute the ‘file copy’ command on the Junos OS evolved, which allows viewing passwords supplied on the CLI command line. 

These credentials can later be used by threat actors for various malicious purposes, which include unauthorized remote access to vulnerable systems. The severity of this vulnerability has been given as 5.9 (Medium).

ProductsAffected versionsFixed in Versions
Juniper Networks Junos OS EvolvedAll versions prior to 20.4R3-S7-EVO;21.1 versions 21.1R1-EVO and later;21.2 versions prior to 21.2R3-S5-EVO;21.3 versions prior to 21.3R3-S4-EVO;21.4 versions prior to 21.4R3-S4-EVO;22.1 versions prior to 22.1R3-S2-EVO;22.2 versions prior to 22.2R2-EVO.Junos OS Evolved: 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases

CVE-2023-44189: MAC Address Validation Bypass

This particular vulnerability exists in insufficient validation in MAC address validation used blocking MAC addresses not intended to reach the adjacent LANs. This vulnerability allows a network-adjacent threat actor to bypass MAC address checking, causing a loop and congestion condition.

The severity of this vulnerability has been given as 6.1 (Medium). However, this vulnerability exists in the Junos OS Evolved: PTX10003 Series routers. 

ProductsAffected versionsFixed in Versions
Junos OS Evolved on PTX10003 SeriesAll versions prior to 21.4R3-S4-EVO;22.1 versions prior to 22.1R3-S3-EVO;22.2 version 22.2R1-EVO and later versions;22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;23.2 versions prior to 23.2R2-EVO.Junos OS Evolved: 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.

CVE-2023-44188: Junos OS jkdsd Crash

This is a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability, which allows network-based authenticated threat actors to flood the system with multiple telemetry requests, which could cause the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, resulting in a Denial of Service (DoS). 

Furthermore, this denial-of-service condition persists due to the continued receipt and processing of multiple telemetry requests, which repeatedly crashes the jkdsd process. The severity of this vulnerability has been given as 5.3 (Medium).

ProductsAffected versionsFixed in Versions
Juniper Networks Junos OS20.4 versions prior to 20.4R3-S9;21.1 versions 21.1R1 and later;21.2 versions prior to 21.2R3-S6;21.3 versions prior to 21.3R3-S5;21.4 versions prior to 21.4R3-S5;22.1 versions prior to 22.1R3-S4;22.2 versions prior to 22.2R3-S2;22.3 versions prior to 22.3R2-S1, 22.3R3-S1;22.4 versions prior to 22.4R2-S2, 22.4R3;23.1 versions prior to 23.1R2;23.2 versions prior to 23.2R2.Junos OS: 20.4R3-S9, 21.2R3-S6, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S1, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1, 23.2R2, 23.3R1, and all subsequent

Users of these products are recommended to upgrade to the fixed versions to prevent these vulnerabilities from getting exploited.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.


Latest articles

CISA Warns of Scammers Impersonating as CISA Employees

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge...

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles