Estimated 12,000 Juniper Devices Vulnerable to RCE Vulnerability

An alarming security concern has arisen within the Juniper network infrastructure, potentially putting an estimated 12,000 Juniper SRX firewalls and EX switches at risk. This vulnerability allows for a fileless remote code execution (RCE) attack, and what makes it even more concerning is the fact that it can be exploited without the need for user authentication. In this blog, we will delve into the details of this vulnerability, its impact, and, most importantly, how to safeguard your systems effectively. 

What are the details on the Juniper RCE vulnerability?

In August, Juniper issued a security advisory highlighting several vulnerabilities, each initially rated as ‘medium’ severity. However, when these vulnerabilities are combined, they elevate the overall threat level to a critical severity rating of 9.8. Subsequently, security researchers wasted no time in releasing proof-of-concept (PoC) exploits that demonstrate a streamlined method for exploiting this vulnerability effectively. 

The vulnerability affects multiple versions of Junos OS on the EX Series and SRX Series. Even though a security update addressing the vulnerability was released in August, the initial lower severity rating may have led to delayed adoption by users. 

The CVE-2023-36845 vulnerability impacts the following versions of Junos OS on EX Series and SRX Series: 

• All versions before 20.4R3-S8 
• 21.1 version 21.1R1 and later versions 
• 21.2 versions before 21.2R3-S6 
• 21.3 versions before 21.3R3-S5 
• 21.4 versions before 21.4R3-S5 
• 22.1 versions before 22.1R3-S3 
• 22.2 versions before 22.2R3-S2 
• 22.3 versions before 22.3R2-S2, 22.3R3 
• 22.4 versions before 22.4R2-S1, 22.4R3

What is Nuspire doing?

At Nuspire, we take cybersecurity seriously. We proactively apply patches as soon as they are released, following vendor recommendations to ensure the security of our clients. Additionally, we actively engage in threat hunting within client environments to swiftly identify any indications of compromise and neutralize emerging threats. 

How should I protect myself from the Juniper RCE vulnerability?

Due to the new discovery of the combined vulnerabilities, organizations that utilize Juniper SRX firewalls and EX switches should act quickly: 

• Immediate Patching: It is paramount that affected organizations apply the provided patches from Juniper as soon as possible. Given the availability of PoC exploits and the critical nature of the vulnerability, there is no doubt threat actors will maliciously abuse this vulnerability. 
• Educate Network Admins: Make sure that network administrators are informed about the associated risks and remain vigilant for any unusual network activities. 

The Juniper RCE vulnerability poses a significant threat to the security and integrity of network infrastructures. Understanding its gravity and taking swift, proactive measures is the key to mitigating risks and ensuring the safety of your systems and data. Stay secure, stay vigilant and stay protected against evolving cyber threats.