Critical Juniper Networks RCE bug impacts heaps of devices The Register

More than 11,500 Juniper Networks devices are exposed to a new remote code execution vulnerability, and infosec researchers are pressing admins to urgently apply the patches.
It's somewhat of a repeat scenario for Juniper Networks, which only recently got done patching the last round of critical RCE bugs in Junos OS, which runs on SRX firewalls and EX switches.
The latest vulnerability, tracked as CVE-2024-21591, impacts the software's J-Web configuration interface and carries a 9.8 CVSS severity score, the same as August's exploit, which a threat intel platform told us the vast majority of people didn't bother patching.
The data collated by Censys confirmed the number of exposures, and scans revealed that most exposed devices also displayed their model numbers.
The SRX110H2-VA firewall was by far the most exposed - a device that went end of life in 2018.
South Korea had the greatest number of exposed J-Web interfaces with 3,797 and the US followed with 1,326.
Third-placed Hong Kong had fewer than half the US's exposures with 583, and China, in fourth place, had 455 as of January 11.
As for the nuts and bolts of the issue, an attacker can exploit the out-of-bounds write flaw to achieve various end goals including obtaining root privileges, causing denial of service, or RCE - all without the need for authentication.
Out-of-bounds write vulnerabilities are the number-one culprit for security issues, according to MITRE, and are part of the collection of bugs that the industry is trying to stamp out with a shift to memory-safe languages including Rust.
Juniper Networks said its incident response team hasn't spotted any signs of it being exploited in the wild yet, but that can all change in the days following vulnerability disclosures - especially when EOL equipment is involved.
The disclosure comes months after the US Cybersecurity and Infrastructure Security issued a binding operational directive highlighting the dangers of exposing management interfaces to the public web.
Federal agencies are required to either stop exposing interfaces to the public internet or ensure they're protected with zero-trust-aligned capabilities, with CISA preferring the latter.
Regular orgs should probably do the same, after applying the patches, that is.
In other news, Juniper Networks may soon be part of HPE in a move that will effectively double the enterprise IT giant's networking segment business.
HPE officially announced its intent to buy Juniper lastg week in a deal that could cost around $14 billion - the company's largest acquisition in quite some time.
The most recent deal of this scale was in 2011 for Autonomy, and we all remember that notorious debacle.


This Cyber News was published on go.theregister.com. Publication date: Mon, 15 Jan 2024 20:13:06 +0000


Cyber News related to Critical Juniper Networks RCE bug impacts heaps of devices The Register

Juniper Support Portal Exposed Customer Device Info - Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product's warranty ...
10 months ago Krebsonsecurity.com
Critical Juniper Networks RCE bug impacts heaps of devices The Register - More than 11,500 Juniper Networks devices are exposed to a new remote code execution vulnerability, and infosec researchers are pressing admins to urgently apply the patches. It's somewhat of a repeat scenario for Juniper Networks, which only ...
11 months ago Go.theregister.com
CISA warns of actively exploited Juniper pre-auth RCE exploit chain - CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution attacks as part of a pre-auth exploit chain. The alert comes one week after Juniper updated its ...
1 year ago Bleepingcomputer.com
Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
11 months ago Bleepingcomputer.com
Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
7 months ago Darkreading.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
Claroty Team82: 63% of Known Exploited Vulnerabilities Tracked by CISA Are on Healthcare Organization Networks - PRESS RELEASE. NEW YORK and ORLANDO, Fla., March 12, 2024/PRNewswire/ -Claroty, the cyber-physical systems protection company, released today at the annual HIMSS24 conference a new report that uncovered concerning data about the security of medical ...
9 months ago Darkreading.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 months ago Tenable.com
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
7 months ago Tenable.com
Fortinet warns of critical RCE bug in endpoint management software - Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server software that can allow attackers to gain remote code execution on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an ...
9 months ago Bleepingcomputer.com
CVE-2021-32629 - Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario ...
1 year ago
CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
2 years ago
CVE-2022-22184 - An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received ...
1 year ago
CISA pushes federal agencies to patch Citrix RCE within a week - Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. Citrix urged ...
11 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Coming Soon to a Network Near You: More Shadow IoT - News of former Microsoft head of product Panos Panay's exit caused a small stir in the tech industry when it was learned he would join Amazon to lead that company's product division. Precisely what Amazon and Panay have in mind for that ecosystem has ...
11 months ago Securityweek.com
CVE-2021-31354 - An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an ...
3 years ago
Cisco Routers Exposed to Remote Code Execution (RCE) Attacks: How to Protect Your Network - Protecting networks from remote code execution (RCE) attacks is now more important than ever, as thousands of end-of-life Cisco routers are exposed to these vulnerabilities. On June 10, 2020 research revealed that over 19,000 Cisco devices were still ...
1 year ago Bleepingcomputer.com
Hewlett Packard Enterprise Acquire Juniper Networks - HPE to acquire Juniper Networks for $14 billion in cash, in a move to bolster its AI networking credentials. Hewlett Packard Enterprise, a veteran of the tech industry, has confirmed a multi billion dollar acquisition of Juniper Networks. HPE ...
11 months ago Silicon.co.uk
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
5 months ago Bleepingcomputer.com
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
5 months ago Bleepingcomputer.com
IoT Security for Business: Safeguarding Connected Devices - In this discussion, we will explore the significance of IoT security for businesses and effective strategies for safeguarding connected devices. With the increasing number of connected devices in business environments, the need for effective IoT ...
11 months ago Securityzap.com
Palo Alto Networks and Deloitte Expand Strategic Alliance Globally - 1, 2024 /PRNewswire/ -- Palo Alto Networks (NASDAQ: PANW) and Deloitte today announced an expansion of their strategic alliance into EMEA and JAPAC regions, making Palo Alto Networks® AI-powered cybersecurity solutions and joint offerings available ...
2 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)