DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
| Our reference | DIVD-2023-00035 |
| Case lead | Alwin Warringa |
| Author | Max van der Horst |
| Researcher(s) | |
| CVE(s) | |
| Products |
|
| Versions |
|
| Recommendation | Upgrade by installing the issued patch as soon as possible. |
| Patch status | patches available |
| Workaround | Disable J-Web or limit access to trusted devices. |
| Status | Open |
| Last modified | 29 Nov 2023 11:58 |
Summary
Multiple vulnerabilities have been discovered in Juniper Networks SRX- and EX-Series. By chaining these vulnerabilities, an unauthenticated attacker can achieve Remote Command Execution (RCE) and compromise the underlying operating system. Juniper urges everyone to upgrade to the patched versions as soon as possible.
Recommendations
Juniper has released a patch for all affected versions and urges users to install it as soon as possible. If this is not an option, disable J-Web or limit access to trusted devices.
- For EX Series, the following releases have resolved this via PR 1735387: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.
- For SRX Series, the following releases have resolved this via PR 1736942: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1*, and all subsequent releases.
What we are doing
DIVD is scanning for vulnerable systems. Owners of such systems will receive a notification with this casefile and remediation steps.
Timeline
| Date | Description |
|---|---|
| 29 Nov 2023 | DIVD started notifying stakeholders |
| 28 Nov 2023 | DIVD identified vulnerable devices |
| 11 Sep 2023 | DIVD starts scanning for this vulnerability. |
| 11 Sep 2023 | First version of this casefile. |
| 11 Sep 2023 | DIVD starts researching fingerprint |
gantt
title DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series (still open) :2023-09-11, 2024-05-02
section Events
DIVD started notifying stakeholders : milestone, 2023-11-29, 0d
DIVD identified vulnerable devices : milestone, 2023-11-28, 0d
DIVD starts scanning for this vulnerability. : milestone, 2023-09-11, 0d
First version of this casefile. : milestone, 2023-09-11, 0d
DIVD starts researching fingerprint : milestone, 2023-09-11, 0d