https://juni.pr/3qvLB5a

🔐 A recent security bulletin reveals critical vulnerabilities in Juniper Networks Junos OS on SRX and EX Series devices. Multiple weaknesses in the J-Web component have been identified and addressed through specific fixes. These issues affect all versions of Junos OS on the mentioned series, with details outlined for each vulnerable version. By chaining these vulnerabilities, an attacker may remotely execute code on the devices without authentication. #JuniperNetworks #JunosOS #CyberSecurity

🚨 The vulnerabilities are grouped into four distinct CVEs:

1. A PHP External Variable Modification vulnerability in J-Web, leading to partial loss of integrity, allowing further exploitation.
2. A similar vulnerability in J-Web affecting both EX and SRX Series.
3. A Missing Authentication for Critical Function vulnerability in SRX Series, leading to a loss of integrity for parts of the file system.
4. A similar vulnerability in EX Series, causing limited impact to file system integrity.

All these vulnerabilities share a CVSS score of 5.3, emphasizing their significance. #CVE #SecurityFlaws

🛠️ Juniper has released solutions to prevent remote code execution (RCE) on both EX and SRX Series through specific releases. They've also offered workarounds, such as disabling J-Web or limiting access to trusted hosts. These issues are being tracked, and Juniper SIRT’s policy does not evaluate releases beyond End of Engineering (EOE) or End of Life (EOL).
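
The workarounds mentioned above (disabling J-Web or limiting access), as an added example that is not part of the original post or Juniper's bulletin: a Python check over `show configuration | display set` output that reports whether J-Web is disabled, bound to specific interfaces, or listening without restriction. The sample configurations are constructed, and treating an `interface` binding as the access limit is an assumption; firewall filters that restrict source hosts are not evaluated.

```python
# Added example: audit a Junos "display set" config for J-Web exposure.
PROTOS = ("http", "https")
PREFIX = ["system", "services", "web-management"]

def audit_jweb(config_text):
    """Return (verdict, {proto: [bound interfaces]}) for active J-Web listeners."""
    enabled = {}      # proto -> interfaces the listener is bound to
    inactive = set()  # protos (or "*" for the whole stanza) marked 'deactivate'
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[1:4] != PREFIX:
            continue  # not a web-management statement
        action, rest = tok[0], tok[4:]
        if action == "deactivate":
            if not rest:
                inactive.add("*")
            elif len(rest) == 1 and rest[0] in PROTOS:
                inactive.add(rest[0])
        elif action == "set" and rest and rest[0] in PROTOS:
            bound = enabled.setdefault(rest[0], [])
            if len(rest) >= 3 and rest[1] == "interface":
                bound.append(rest[2])
    if "*" in inactive:
        enabled = {}
    active = {p: i for p, i in enabled.items() if p not in inactive}
    if not active:
        return "disabled", active
    # Assumption: a listener with no interface binding answers on every interface.
    if any(not ifaces for ifaces in active.values()):
        return "exposed", active
    return "restricted", active

# Constructed sample configurations (not taken from the bulletin).
EXPOSED = """set system services ssh
set system services web-management http
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
"""
RESTRICTED = """set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
"""
DEACTIVATED = RESTRICTED + "deactivate system services web-management\n"

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("restricted", RESTRICTED),
                      ("deactivated", DEACTIVATED)):
        print(name, audit_jweb(cfg))
```

A "restricted" verdict only confirms the listener is bound to named interfaces; whether those interfaces are reachable solely from trusted hosts still has to be checked against the device's filters and zones.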












