Networking appliances maker Juniper Networks has announced patches for four vulnerabilities in the J-Web interface of Junos OS, which could be combined for unauthenticated, remote code execution.
Tracked as CVE-2023-36844 through CVE-2023-36847, the bugs have a severity rating of ‘medium’. Their chained exploitation, however, is rated ‘critical severity’, Juniper warns in an advisory.
“By chaining exploitation of these vulnerabilities, an unauthenticated, network-based attacker may be able to remotely execute code on the devices,” the company notes.
CVE-2023-36844 and CVE-2023-36845 are described as PHP external variable modification flaws that could allow remote attackers to control environment variables, without authentication.
“Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities,” Juniper explains.
CVE-2023-36846 and CVE-2023-36847 are described as missing authentication issues that could allow an attacker to upload arbitrary files, leading to impact on file system integrity.
“With a specific request that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities,” Juniper notes.
Disabling the J-Web interface, or limiting access to trusted hosts only should prevent exploitation of these issues, the company says.
The vulnerabilities impact the SRX series firewalls and EX series switches running Junos OS versions prior to 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, and 23.2R1.
SRX series and EX series users are advised to update their appliances to the latest Junos OS iterations as soon as possible.
Juniper makes no mention of these vulnerabilities being exploited in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) warns that the exploitation of these vulnerabilities could lead to denial-of-service (DoS) conditions.
Related: Juniper Networks Patches High-Severity Vulnerabilities in Junos OS
Related: Juniper Networks Patches Critical Third-Party Component Vulnerabilities
Related: Juniper Networks Kicks Off 2023 With Patches for Over 200 Vulnerabilities