New research has found that near to 12,000 internet-uncovered Juniper firewall products are susceptible to a lately disclosed distant code execution flaw.
VulnCheck, which found out a new exploit for CVE-2023-36845, mentioned it could be exploited by an “unauthenticated and distant attacker to execute arbitrary code on Juniper firewalls without having building a file on the process.”
CVE-2023-36845 refers to a medium-severity flaw in the J-Web component of Junos OS that could be weaponized by a risk actor to command certain, crucial setting variables. It was patched by Juniper Networks very last thirty day period together with CVE-2023-36844, CVE-2023-36846, and CVE-2023-36847 in an out-of-cycle update.
A subsequent proof-of-principle (PoC) exploit devised by watchTowr mixed CVE-2023-36846 and CVE-2023-36845 to add a PHP file that contains malicious shellcode and achieve code execution.
The latest exploit, on the other hand, impacts older techniques and can be created working with a solitary cURL command. Specially, it depends on just CVE-2023-36845 to notice the similar aim.
This, in turn, is attained by working with the common input stream (aka stdin) to set the PHPRC ecosystem variable to “/dev/fd/” by means of a specially crafted HTTP request, successfully turning “/dev/fd/” into a makeshift file, and leak sensitive information and facts.
Arbitrary code execution is then accomplished by leveraging PHP’s auto_prepend_file and let_url_include alternatives in conjunction with the data:// protocol wrapper.
Upcoming WEBINARIdentity is the New Endpoint: Mastering SaaS Security in the Modern-day Age
Dive deep into the foreseeable future of SaaS security with Maor Bin, CEO of Adaptive Protect. Find out why identification is the new endpoint. Safe your spot now.
Supercharge Your Expertise
“Firewalls are attention-grabbing targets to APT as they assistance bridge into the secured network and can provide as helpful hosts for C2 infrastructure,” Jacob Baines mentioned. “Any individual who has an unpatched Juniper firewall ought to analyze it for indicators of compromise.”
Juniper has due to the fact disclosed that it really is not mindful of a prosperous exploit versus its shoppers, but warned that it has detected exploitation attempts in the wild, generating it very important that end users implement the needed fixes to mitigate opportunity threats.
Identified this short article fascinating? Observe us on Twitter and LinkedIn to browse a lot more special content material we publish.
Some parts of this article are sourced from:
thehackernews.com