Attacks on Juniper firewalls are currently underway. As security researchers have discovered, thousands of instances are not yet up to date with the latest software and are therefore vulnerable. In addition, a new exploit simplifies attacks.
Even more dangerous
Remote attackers combine multiple security holes without authentication and execute malicious code. This affects firewalls and switches from the SRX and EX series. The attacks have been ongoing since the end of August 2023.
Now security researchers at VulnCheck are warning of a new exploit that no longer requires attackers to upload files to a vulnerable device to initiate an attack. Now certain HTTP requests should be enough to initiate an attack. This simplifies attacks and exacerbates the situation.
This affects the vulnerability (CVE-2023-36845 “medium”) and the researchers now classify the vulnerability as significantly more dangerous. In combination with the other two vulnerabilities (CVE-2023-36844 “medium”, CVE-2023-36846 “medium”), according to Junos, there is a “critical” danger.
The security researchers claim to have discovered almost 15,000 Juniper instances accessible over the Internet during a scan. As an example, they examined 3,000 appliances and found that almost 80 percent had not yet been patched.
Using a scanner from the researchers, admins can check in their network whether they are still using vulnerable Juniper firewalls. If this is the case, you should install the available patches as quickly as possible. In a security warning, the network supplier lists the vulnerable Juno OS versions and the security updates.
To the homepage
#Patch #Thousands #Juniper #firewalls #security #update