12,000 Juniper Firewall Devices Vulnerable To Hackers
VulnCheck Discovers Insecurities
Overt Operator
September 19, 2023
New research has revealed that nearly 12,000 internet-exposed Juniper firewall devices are at risk from a recently disclosed remote code execution flaw. The exploit, which was discovered by VulnCheck, could allow an unauthenticated and remote attacker to execute arbitrary code on Juniper firewalls without creating a file on the system.
The vulnerability, known as CVE-2023-36845, refers to a medium-severity flaw in the J-Web component of Junos OS. Threat actors can weaponize this vulnerability to control certain important environmental variables. Juniper Networks released a patch for CVE-2023-36845, as well as CVE-2023-36844, CVE-2023-36846, and CVE-2023-36847, in an out-of-cycle update last month.
A proof-of-concept (PoC) exploit developed by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload a PHP file containing malicious shellcode, thereby achieving code execution. However, the latest exploit impacts older systems and can be written using a single cURL command, relying solely on CVE-2023-36845 to accomplish the same objective.
To exploit the vulnerability, the attacker utilizes the standard input stream, also known as stdin, to set the PHPRC environment variable to "/dev/fd/0" through a carefully crafted HTTP request. This effectively converts "/dev/fd/0" into a makeshift file and allows for the leakage of sensitive information.
Network administrators and users of Juniper firewall devices are encouraged to update their systems to protect against this remote code execution flaw. Failure to address this vulnerability could leave devices and networks exposed to potential attacks.
To minimize the risk of exploitation, it is crucial to follow best practices for network security. This includes keeping software and firmware up to date, applying patches as soon as they are available, regularly monitoring for security vulnerabilities, and employing strong access controls and authentication measures.
As cyber threats continue to evolve, organizations need to remain vigilant and proactive in protecting their networks and data. Regular vulnerability assessments and penetration testing can help identify and address potential weaknesses, ensuring the security and integrity of network infrastructures.
By staying informed about the latest security vulnerabilities and taking appropriate measures to mitigate risk, organizations can effectively safeguard their network assets and mitigate the potential impact of cyberattacks.