Published: August 21, 2023

Overview

Juniper Networks has released an “out-of-cycle” security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846 and CVE-2023-36847) have a cumulative CVSS rating of 9.8, making them Critical in severity. They affect all versions of Junos OS on SRX and EX Series. CISA encourages users and administrators to review Juniper’s Support Portal and apply the necessary updates.

Impact

The vulnerabilities are as follows: 

  • CVE-2023-36844 and CVE-2023-36845 (CVSS scores: 5.3) – Two PHP external variable modification vulnerabilities in J-Web of Juniper Networks Junos OS on EX Series and SRX Series. These vulnerabilities allow an unauthenticated, network-based attacker to control certain important environment variables. 
  • CVE-2023-36846 and CVE-2023-36847 (CVSS scores: 5.3) – Two missing authentication for critical function vulnerabilities in J-Web of Juniper Networks Junos OS on EX Series and SRX Series. These vulnerabilities allow an unauthenticated, network-based attacker to cause limited impact to file system integrity.

The vulnerabilities in the J-Web component of Junos OS could have a significant impact on susceptible installations. By chaining exploitation of these vulnerabilities, an unauthenticated, network-based attacker may be able to remotely execute code on the devices. This could potentially allow an attacker to gain unauthorized access to the device, steal sensitive information, or disrupt the normal functioning of the device. 

Applicable Versions

The vulnerabilities affect all versions of Junos OS on SRX and EX Series.  

The following versions have been released to address these vulnerabilities:

  • EX Series – Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1 
  • SRX Series – Junos OS versions 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1 

Mitigations and Workarounds

As a workaround, Juniper Networks suggests that users either disable J-Web or limit access to it to trusted hosts only. To fully mitigate the vulnerabilities in the J-Web component of Junos OS, users are recommended to apply the latest software patch available for Junos OS.

Best Practices

The primary fix for CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847 is to apply the latest software patch available for Junos OS. In addition, the following best practices reduce the risk of exploitation and lessen the impact if a device is exploited:

  • Use access lists or firewall filters to limit access to the device only from trusted hosts. 
  • Disable J-Web if it is not needed. 
  • Limit access to J-Web from only trusted networks. 

By following these best practices, users can reduce the risk that CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847 are exploited and minimize the impact if they are.
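The two workarounds above (disable J-Web, or restrict it to trusted hosts with a firewall filter) expressed as Junos configuration. This is an added example, not configuration from the advisory or from Juniper; the filter name, prefix-list name and the 192.0.2.0/24 management prefix are placeholders to be replaced with your own values.

```junos
# Option A: J-Web is not needed on this device, so remove the service entirely.
delete system services web-management

# Option B: J-Web stays, so only the trusted management network may reach it.
# 192.0.2.0/24 is a placeholder for the real management prefix.
set policy-options prefix-list mgmt-trusted 192.0.2.0/24

# Routing-engine filter: J-Web (http/https) is accepted only from the trusted
# prefix; any other attempt to reach those ports is logged and dropped.
set firewall family inet filter protect-re term jweb-trusted from source-prefix-list mgmt-trusted
set firewall family inet filter protect-re term jweb-trusted from protocol tcp
set firewall family inet filter protect-re term jweb-trusted from destination-port [ http https ]
set firewall family inet filter protect-re term jweb-trusted then accept
set firewall family inet filter protect-re term jweb-deny from protocol tcp
set firewall family inet filter protect-re term jweb-deny from destination-port [ http https ]
set firewall family inet filter protect-re term jweb-deny then log
set firewall family inet filter protect-re term jweb-deny then discard

# Catch-all accept so the filter does not also block SSH, routing protocols,
# NTP and other traffic the routing engine must still receive.
set firewall family inet filter protect-re term default-permit then accept

# Apply the filter to traffic destined for the routing engine (EX and SRX).
set interfaces lo0 unit 0 family inet filter input protect-re

# SRX only: stop advertising https as an allowed host-inbound service on the
# untrusted zone (zone name is a placeholder).
delete security zones security-zone untrust host-inbound-traffic system-services https
```

If J-Web has been configured on a non-default port under `system services web-management`, match that port in both `jweb-*` terms instead of `http`/`https`. Commit with `commit confirmed` first so a mistaken filter that locks out management is rolled back automatically.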

Netsurion Detection and Response

Netsurion researchers are continuously monitoring for exploitation of these vulnerabilities. Our security analysts will add the IOCs (Indicators of Compromise – the hashes of malicious files and the IP addresses) to Netsurion Threat Center, our threat intelligence platform. This will help detect malicious files and suspicious Command and Control communications to malicious IP addresses, and thereby exploitation of these vulnerabilities. Netsurion’s vulnerability management system will also detect the vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846 and CVE-2023-36847) for customers who have subscribed to Netsurion Vulnerability Management.


References:

  1. https://thehackernews.com/2023/08/new-juniper-junos-os-flaws-expose.html
  2. https://www.csoonline.com/article/556995/juniper-patches-high-risk-flaws-in-junos-os.html
  3. https://www.securityweek.com/flaws-in-juniper-switches-and-firewalls-can-be-chained-for-remote-code-execution/
  4. https://www.cisa.gov/news-events/alerts/2023/08/18/juniper-releases-security-advisory-multiple-vulnerabilities-junos-os
  5. https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US