Multiple vulnerabilities have been discovered on Junos OS, which can be combined to execute a preAuth remote code execution vulnerability on Junos OS on SRX and EX Series. An unauthenticated network-based attacker can exploit these vulnerabilities by chaining them.
Junos OS SRX is a firewall that is used to protect remote offices, branches, campuses, or data centers by extending to every point. EX series is a high-performance access and distribution/core-layer device for enterprise branches.
Juniper Networks has released a security advisory for fixing these vulnerabilities.
This vulnerability allows an unauthenticated network-based attacker to control some important environment variables by utilizing a crafted request and modifying the PHP environment variable, leading to integrity loss. The severity for these vulnerabilities is given as 5.3 (Medium).
An unauthenticated network-based attacker can cause a limited file system integrity impact, requiring authentication to upload arbitrary files through J-Web, leading to integrity loss on some parts of the file system. The severity for these vulnerabilities is given as 5.3 (Medium)
| Product | Affected Version | Fixed in Version |
| Junos OS on SRX Series | All versions prior to 20.4R3-S8;21.2 versions prior to 21.2R3-S6;21.3 versions prior to 21.3R3-S5;21.4 versions prior to 21.4R3-S5;22.1 versions prior to 22.1R3-S3;22.2 versions prior to 22.2R3-S2;22.3 versions prior to 22.3R2-S2, 22.3R3;22.4 versions prior to 22.4R2-S1, 22.4R3; | 20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S3, 22.2R3-S2*, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases. |
| Junos OS on EX Series | All versions prior to 20.4R3-S8;21.2 versions prior to 21.2R3-S6;21.3 versions prior to 21.3R3-S5;21.4 versions prior to 21.4R3-S4;22.1 versions prior to 22.1R3-S3;22.2 versions prior to 22.2R3-S1;22.3 versions prior to 22.3R2-S2, 22.3R3;22.4 versions prior to 22.4R2-S1, 22.4R3. | 20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases. |
Users of these products are recommended to upgrade to the latest version as per the security advisory released by Juniper Networks in order to prevent these vulnerabilities from getting exploited.
Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.
Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal…
The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting…
Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass…
Threat actors are exploiting weaknesses in SMS verification systems to generate massive, fraudulent message traffic,…
The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as…
North Korean threat actors have demonstrated their adept use of social engineering techniques combined with…