CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution attacks as part of a pre-auth exploit chain. The alert comes one week after Juniper updated its advisory to notify customers that the flaws found in Juniper's J-Web interface have been successfully exploited in the wild. "Juniper SIRT is now aware of successful exploitation of these vulnerabilities. Customers are urged to immediately upgrade," the company said. The warnings come after the ShadowServer threat monitoring service revealed it was already detecting exploitation attempts on August 25th, one week after Juniper released security updates to patch the flaws and as soon as watchTowr Labs security researchers also released a proof-of-concept exploit. According to Shadowserver data, over 10,000 Juniper devices have their vulnerable J-Web interfaces exposed online, most from South Korea. Administrators are urged to immediately secure their devices by upgrading JunOS to the most recent release or, as a minimum precaution, restrict Internet access to the J-Web interface to eliminate the attack vector. "Given the simplicity of exploitation, and the privileged position that JunOS devices hold in a network, we would not be surprised to see large-scale exploitation," watchTowr Labs researchers said in August. "Those running an affected device are urged to update to a patched version at their earliest opportunity, and/or to disable access to the J-Web interface if at all possible." Today, CISA also added the four actively exploited Juniper vulnerabilities to its Known Exploited Vulnerabilities Catalog, tagging them as "Frequent attack vectors for malicious cyber actors" and posing "Significant risks to the federal enterprise." With their addition to CISA's KEV list, U.S. Federal Civilian Executive Branch Agencies now must secure Juniper devices on their networks within a limited timeframe, following a binding operational directive issued one year ago. After today's KEV catalog update, federal agencies must complete the upgrading of all Juniper devices within the next four days, by November 17th. While BOD 22-01 primarily targets U.S. federal agencies, CISA strongly encourages all organizations, including private companies, to prioritize patching the vulnerabilities as soon as possible. In June, CISA issued the first binding operational directive of the year, instructing U.S. federal agencies to enhance the security of Internet-exposed or misconfigured networking equipment, such as Juniper's firewall and switch devices, within a two-week window following discovery. HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks. Hackers exploit recent F5 BIG-IP flaws in stealthy attacks. Ransomware gangs now exploiting critical TeamCity RCE flaw. Hackers hijack Citrix NetScaler login pages to steal credentials. Thousands of Juniper devices vulnerable to unauthenticated RCE flaw.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000