DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
| Case lead | Alwin Warringa |
| Recommendation | Upgrade by installing the issued patch as soon as possible. |
| Patch status | Patches available |
| Workaround | Disable J-Web or limit access to trusted devices. |
| Last modified | 29 Nov 2023 11:58 |
Multiple vulnerabilities have been discovered in the J-Web interface of Juniper Networks SRX Series and EX Series devices. By chaining these vulnerabilities, an unauthenticated attacker with network access to J-Web can achieve Remote Code Execution (RCE) and compromise the underlying operating system. Juniper urges everyone to upgrade to the patched versions as soon as possible.
Juniper has released patches for all affected versions and urges users to install them as soon as possible. If upgrading is not an option, disable J-Web or restrict access to it to trusted hosts. On a device, J-Web is configured under `system services web-management`; `show configuration system services web-management` shows whether it is enabled.
- For EX Series, the following releases have resolved this via PR 1735387: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.
- For SRX Series, the following releases have resolved this via PR 1736942: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1*, and all subsequent releases.
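To check a device against the lists above, the following is an added example written for this casefile (it is not DIVD's scanner and not a Juniper tool). It parses a Junos release string, or the `Junos:` line of `show version` output, and compares it with the fixed releases listed for EX and SRX. It assumes that "and all subsequent releases" means a release is fixed when it is at or above the listed fix on the same R line, on a later R line of a listed train, or on a train newer than every listed train; releases on trains the casefile does not list, and release formats it does not cover (such as 12.3X48-D100), are reported as not fixed. The `show version` sample is constructed.

```python
"""Check whether a Junos release is at or above the fixed releases listed in
this casefile.  Example code added to the casefile, not DIVD's scanner and not
a Juniper tool.  Assumption: "and all subsequent releases" means a release is
fixed if it is at or above the listed fix on the same R line, on a later R line
of a listed train, or on a train newer than every listed train."""
import re
from typing import NamedTuple, Optional, Tuple

# Fixed releases copied from the casefile (EX: PR 1735387, SRX: PR 1736942).
# The casefile marks 23.4R1 for SRX with an asterisk whose note is not
# reproduced on the page; it is listed here as given.
FIXED_RELEASES = {
    "EX": ["20.4R3-S8", "21.2R3-S6", "21.3R3-S5", "21.4R3-S4", "22.1R3-S3",
           "22.2R3-S1", "22.3R2-S2", "22.3R3", "22.4R2-S1", "22.4R3", "23.2R1"],
    "SRX": ["20.4R3-S9", "21.2R3-S7", "21.3R3-S5", "21.4R3-S5", "22.1R3-S4",
            "22.2R3-S2", "22.3R2-S2", "22.3R3-S1", "22.4R2-S1", "22.4R3",
            "23.2R1-S1", "23.2R2", "23.4R1"],
}


class JunosVersion(NamedTuple):
    major: int
    minor: int
    r: int       # maintenance release: R1, R2, ...
    s: int       # service release: S1, S2, ...; 0 when absent
    build: int   # trailing ".N" build number; 0 when absent

    @property
    def train(self) -> Tuple[int, int]:
        return (self.major, self.minor)


# Matches 22.3R2-S2.1, 22.4R3, 23.2R1-S1 and the like; does not match older
# 12.3X48-D100 style SRX releases or Junos Evolved "-EVO" suffixes.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


def parse_version(text: str) -> Optional[JunosVersion]:
    """Return the parsed release, or None if the format is not covered."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return JunosVersion(*(int(g) if g else 0 for g in m.groups()))


def release_from_show_version(output: str) -> Optional[str]:
    """Pull the release out of 'show version' output ('Junos: 21.4R3-S3.5')."""
    m = re.search(r"^Junos:\s*(\S+)", output, re.MULTILINE)
    return m.group(1) if m else None


def is_fixed(platform: str, release: str) -> bool:
    """True if `release` on `platform` ('EX' or 'SRX') is at or above a fix.
    Unparsable releases are treated as not fixed so that they get looked at."""
    v = parse_version(release)
    if v is None:
        return False
    fixes = [parse_version(f) for f in FIXED_RELEASES[platform]]
    same_train = [f for f in fixes if f.train == v.train]
    if not same_train:
        # Train not listed: fixed only if newer than every listed train.
        # Older or skipped trains have no fix on this page; treat as not fixed.
        return v.train > max(f.train for f in fixes)
    same_r = [f for f in same_train if f.r == v.r]
    if same_r:
        # Same R line: the listed S number (0 for a plain R release) is the
        # floor, e.g. SRX 22.3R3 is NOT fixed while 22.3R3-S1 is.
        return v.s >= min(f.s for f in same_r)
    # A later R line than any listed fix in this train counts as subsequent.
    return v.r > max(f.r for f in same_train)


# Constructed sample of 'show version' output (not from a real device).
SAMPLE_SHOW_VERSION = """\
Hostname: srx-edge-01
Model: srx345
Junos: 21.4R3-S3.5
"""

if __name__ == "__main__":
    rel = release_from_show_version(SAMPLE_SHOW_VERSION) or ""
    print(rel, "fixed" if is_fixed("SRX", rel) else "NOT fixed")
```

The per-R-line comparison matters: a plain tuple comparison would wrongly mark SRX 22.3R3 as fixed because it sorts above 22.3R2-S2, whereas the casefile lists 22.3R3-S1 as the first fixed release on that R line.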
What we are doing
DIVD is scanning for vulnerable systems. Owners of systems found to be vulnerable will receive a notification with this casefile and remediation steps.
| 29 Nov 2023 | DIVD started notifying stakeholders |
| 28 Nov 2023 | DIVD identified vulnerable devices |
| 11 Sep 2023 | DIVD started scanning for this vulnerability |
| 11 Sep 2023 | First version of this casefile |
| 11 Sep 2023 | DIVD started researching a fingerprint |