DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
Field | Value |
---|---|
Our reference | DIVD-2023-00035 |
Case lead | Alwin Warringa |
Author | Max van der Horst |
Researcher(s) | |
CVE(s) | |
Products | |
Versions | |
Recommendation | Upgrade by installing the issued patch as soon as possible. |
Patch status | patches available |
Workaround | Disable J-Web or limit access to trusted devices. |
Status | Closed |
Last modified | 06 May 2024 08:50 CEST |
Summary
Multiple vulnerabilities have been discovered in Juniper Networks SRX- and EX-Series. By chaining these vulnerabilities, an unauthenticated attacker can achieve Remote Command Execution (RCE) and compromise the underlying operating system. Juniper urges everyone to upgrade to the patched versions as soon as possible.
Recommendations
Juniper has released a patch for all affected versions and urges users to install it as soon as possible. If this is not an option, disable J-Web or limit access to trusted devices.
- For EX Series, the following releases have resolved this via PR 1735387: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.
- For SRX Series, the following releases have resolved this via PR 1736942: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1*, and all subsequent releases.
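Checking a fleet against these release lists by hand is error-prone, because a fix is tied to a specific R train and service level within each branch (for SRX, 22.3R3 is not fixed but 22.3R3-S1 is). The following is an added example, not DIVD's or Juniper's tooling, that parses Junos release strings and classifies a running version against the lists above. It assumes the usual `<major>.<minor>R<n>[-S<m>]` format with an optional trailing build number (as printed by `show version`), reads "all subsequent releases" as any higher service level of a listed R train, any higher R train of a listed branch, or any branch newer than the newest listed one, and reports branches the casefile does not mention as unknown rather than guessing. The asterisk the page attaches to SRX 23.4R1 is dropped, and the sample inventory at the bottom is constructed.

```python
import re

# Fixed releases exactly as listed in this casefile's Recommendations.
# The "*" the page attaches to SRX 23.4R1 is dropped here.
FIXED_EX = [
    "20.4R3-S8", "21.2R3-S6", "21.3R3-S5", "21.4R3-S4", "22.1R3-S3",
    "22.2R3-S1", "22.3R2-S2", "22.3R3", "22.4R2-S1", "22.4R3", "23.2R1",
]
FIXED_SRX = [
    "20.4R3-S9", "21.2R3-S7", "21.3R3-S5", "21.4R3-S5", "22.1R3-S4",
    "22.2R3-S2", "22.3R2-S2", "22.3R3-S1", "22.4R2-S1", "22.4R3",
    "23.2R1-S1", "23.2R2", "23.4R1",
]

# Junos release strings of the form <major>.<minor>R<n>[-S<m>][.<build>];
# the trailing build number (e.g. "21.4R3-S4.4") is ignored (assumption).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos(version: str) -> tuple[int, int, int, int]:
    """Return (major, minor, release, service) for a Junos version string.

    A release without a -S suffix gets service level 0, so 22.3R3 < 22.3R3-S1.
    Raises ValueError for formats this checker does not model (e.g. 15.1X49-D150).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc = m.groups()
    return int(major), int(minor), int(rel), int(svc or 0)


def _fix_table(fixed_releases: list[str]) -> dict[tuple[int, int], dict[int, int]]:
    """Map each branch (major, minor) to {R-number: minimum fixed S-level}."""
    table: dict[tuple[int, int], dict[int, int]] = {}
    for rel_str in fixed_releases:
        major, minor, rel, svc = parse_junos(rel_str)
        trains = table.setdefault((major, minor), {})
        trains[rel] = min(trains.get(rel, svc), svc)
    return table


def patch_status(version: str, family: str) -> str:
    """Classify a running version as 'patched', 'vulnerable' or 'unknown'.

    family is "EX" or "SRX". "All subsequent releases" is read as: any higher
    service level of a listed R train, any higher R train of a listed branch,
    and any branch newer than the newest listed one. Branches the casefile
    does not list (older or in between) are reported as 'unknown'.
    """
    table = _fix_table({"EX": FIXED_EX, "SRX": FIXED_SRX}[family.upper()])
    major, minor, rel, svc = parse_junos(version)
    branch = (major, minor)
    if branch not in table:
        return "patched" if branch > max(table) else "unknown"
    trains = table[branch]
    if rel in trains:
        return "patched" if svc >= trains[rel] else "vulnerable"
    return "patched" if rel > max(trains) else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, family, version from `show version`).
    inventory = [
        ("ex-core-1", "EX", "21.4R3-S4.4"),
        ("ex-access-7", "EX", "21.4R3-S3"),
        ("srx-edge-1", "SRX", "22.3R3"),
        ("srx-edge-2", "SRX", "23.4R1"),
    ]
    for host, family, ver in inventory:
        print(f"{host:<12} {family:<4} {ver:<12} {patch_status(ver, family)}")
```

Feed it the version strings from your inventory or from `show version` output; anything it reports as unknown (an unlisted branch, or an X-style release it refuses to parse) should be checked against Juniper's advisory directly rather than assumed safe.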
What we are doing
DIVD is scanning for vulnerable systems. Owners of such systems will receive a notification with this casefile and remediation steps.
Timeline
Date | Description |
---|---|
11 Sep 2023 | DIVD starts scanning for this vulnerability. |
11 Sep 2023 | First version of this casefile. |
11 Sep 2023 | DIVD starts researching a fingerprint. |
28 Nov 2023 | DIVD identified vulnerable devices. |
29 Nov 2023 | DIVD started notifying stakeholders. |
06 May 2024 | Case closed. |
```mermaid
gantt
title DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series (238 days) :2023-09-11, 2024-05-06
section Events
DIVD starts scanning for this vulnerability. : milestone, 2023-09-11, 0d
First version of this casefile. : milestone, 2023-09-11, 0d
DIVD starts researching fingerprint : milestone, 2023-09-11, 0d
DIVD identified vulnerable devices : milestone, 2023-11-28, 0d
DIVD started notifying stakeholders : milestone, 2023-11-29, 0d
Case closed. : milestone, 2024-05-06, 0d
```