Lucene search

K
thnThe Hacker NewsTHN:5A159C409A8090510E7531D885C304A1
HistoryNov 14, 2023 - 6:03 a.m.

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

2023-11-1406:03:00
The Hacker News
thehackernews.com
50
cisa
deadline
patching
juniper junos os
flaws
november 17
2023
mitigations
security
vulnerabilities
actively exploited
royal ransomware
blacksuit
cyfirma
dark web

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.6%

Juniper Junos OS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August.

The agency on Monday added five vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation -

  • CVE-2023-36844 (CVSS score: 5.3) - Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
  • CVE-2023-36845 (CVSS score: 5.3) - Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
  • CVE-2023-36846 (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
  • CVE-2023-36847 (CVSS score: 5.3) - Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
  • CVE-2023-36851 (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Cybersecurity

The vulnerabilities, per Juniper, could be fashioned into an exploit chain to achieve remote code execution on unpatched devices. Also added to the list is CVE-2023-36851, which has been described as a variant of the SRX upload flaw.

Juniper, in an update to its advisory on November 8, 2023, said it’s “now aware of successful exploitation of these vulnerabilities,” recommending that customers update to the latest versions with immediate effect.

The details surrounding the nature of the exploitation are currently unknown.

In a separate alert, CISA has also warned that the Royal ransomware gang may rebrand as BlackSuit owing to the fact that the latter shares a “number of identified coding characteristics similar to Royal.”

The development comes as Cyfirma disclosed that exploits for critical vulnerabilities are being offered for sale on darknet forums and Telegram channels.

“These vulnerabilities encompass elevation of privilege, authentication bypass, SQL injection, and remote code execution, posing significant security risks,” the cybersecurity firm said, adding, “ransomware groups are actively searching for zero-day vulnerabilities in underground forums to compromise a large number of victims.”

Cybersecurity

It also follows revelations from Huntress that threat actors are targeting multiple healthcare organizations by abusing the widely-used ScreenConnect remote access tool used by Transaction Data Systems, a pharmacy management software provider, for initial access.

“The threat actor proceeded to take several steps, including installing additional remote access tools such as ScreenConnect or AnyDesk instances, to ensure persistent access to the environments,” Huntress noted.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.6%