CISA Sets a Deadline – Patch Juniper Junos OS Flaws Before November 17

News

Nov 14, 2023NewsroomCyber Attack / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August.

The agency on Monday added five vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation –

  • CVE-2023-36844 (CVSS score: 5.3) – Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
  • CVE-2023-36845 (CVSS score: 5.3) – Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
  • CVE-2023-36846 (CVSS score: 5.3) – Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
  • CVE-2023-36847 (CVSS score: 5.3) – Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
  • CVE-2023-36851 (CVSS score: 5.3) – Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Cybersecurity

The vulnerabilities, per Juniper, could be fashioned into an exploit chain to achieve remote code execution on unpatched devices. Also added to the list is CVE-2023-36851, which has been described as a variant of the SRX upload flaw.

Juniper, in an update to its advisory on November 8, 2023, said it’s “now aware of successful exploitation of these vulnerabilities,” recommending that customers update to the latest versions with immediate effect.

The details surrounding the nature of the exploitation are currently unknown.

In a separate alert, CISA has also warned that the Royal ransomware gang may rebrand as BlackSuit owing to the fact that the latter shares a “number of identified coding characteristics similar to Royal.”

The development comes as Cyfirma disclosed that exploits for critical vulnerabilities are being offered for sale on darknet forums and Telegram channels.

“These vulnerabilities encompass elevation of privilege, authentication bypass, SQL injection, and remote code execution, posing significant security risks,” the cybersecurity firm said, adding, “ransomware groups are actively searching for zero-day vulnerabilities in underground forums to compromise a large number of victims.”

Cybersecurity

It also follows revelations from Huntress that threat actors are targeting multiple healthcare organizations by abusing the widely-used ScreenConnect remote access tool used by Transaction Data Systems, a pharmacy management software provider, for initial access.

“The threat actor proceeded to take several steps, including installing additional remote access tools such as ScreenConnect or AnyDesk instances, to ensure persistent access to the environments,” Huntress noted.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Northern Ireland Police Data Leak Sees Service Fined by ICO
Separating the bee from the panda: CeranaKeeper making a beeline for Thailand
Fraud Repayment Rules Could Leave Victims Struggling, CTSI Claims
U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

Leave a Reply

Your email address will not be published. Required fields are marked *