Juniper Junos Flaw Let Attackers Gain Full ‘Root’ Access


Hackers focus on Juniper Junos because it is extensively used in business networking and, consequently, a huge target for hacking valuable systems.

Since it is prominent in big organizations, any successful breach can result in significant data loss or operational disruption, giving threat actors an upper hand.

EHA

Cybersecurity researcher Juniper recently identified Juniper Juno’s flaw, enabling threat actors to gain full ‘root’ access.

Juniper Junos Flaw

There were several instances of Improper Neutralization of Special Elements vulnerabilities in Juniper Networks Junos OS Evolved command-line interface.

Even though the attacker possesses low-level permissions, they can exploit the parsing mechanism by which commands are interpreted.

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files

These vulnerabilities enable an attacker to raise their privilege levels by providing inputs that have not been properly sanitized or neutralized by the operating system.

By doing this, a hacker is able to get a ‘root’ access, which gives the hacker total control over the targeted machine.

With root access, threat actors take full control of the compromised systems, which enables them to manipulate system settings, gain unauthorized access to private information, install malware on target organizations’ PCs, and use them for further network attacks.

This vulnerability is highly dangerous as it compromises the confidentiality and integrity of network infrastructure running impacted Junos OS Evolved versions.

Junos OS Evolved Command Line Interface (CLI) has a critical flaw in how it parses command options. Authorized users can exploit some CLI commands through well-crafted arguments.

The vulnerability, if successful, can lead to the attacker gaining root access to the system’s shell environment, which helps in compromising its integrity.

This flaw is different from CVE-2021-31356 but shares certain similarities with it.

It outlines the current issues of ensuring security for sophisticated operating system interfaces against possible privilege escalation attacks, especially in terms of network infrastructure software.

While this issue affects Junos OS Evolved:=

  • All version before 20.4R3-S7-EVO
  • 21.2-EVO versions before 21.2R3-S8-EVO
  • 21.4-EVO versions before 21.4R3-S7-EVO
  • 22.2-EVO versions before 22.2R3-EVO
  • 22.3-EVO versions before 22.3R2-EVO
  • 22.4-EVO versions before 22.4R2-EVO

Here below, we have mentioned all the flaws that were resolved:-

  • CVE-2024-39520
  • CVE-2024-39521
  • CVE-2024-39522
  • CVE-2024-39523
  • CVE-2024-39524

Juniper Networks has released Updated Junos OS versions to address this vulnerability, including 20.4R3-S7-EVO through 23.2R1-EVO and subsequent releases.

The problem is tracked with multiple identifiers on the Customer Support website where there are no workarounds. Still, system access should be limited to trusted administrators to mitigate the risk as much as possible.

“Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!”- Free Demo



Source link