A month after a patch was released, an overwhelming majority of Juniper’s SRX firewalls and EX Series switches remain vulnerable to a group of flaws which, when combined, can result in remote code execution, according to threat intelligence platform provider, VulnCheck.
In its findings, The Register reports, VulnCheck says that on August 17, Juniper announced finding, and patching, five separate vulnerabilities affecting all versions of Junos OS on SRX firewalls and EX Series switches.
These vulnerabilities are now tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847, and CVE-2023-36851. While individually they carry a 5.3 severity rating, collectively they earned a 9.8 score and have been deemed critical. Some researchers say that by chaining these five, threat actors are able to achieve remote code execution, which could lead to a whole host of other issues, such as malware deployment. Other researchers believe that chaining just some will suffice.
Exploiting known flaws
Now, a month later, roughly four in five (79%) public-facing Juniper SRX firewalls and EX Series switches are yet to be patched up and remain vulnerable to these flaws. To make matters worse, more than ten days ago Juniper updated its security advisory to say it observed threat actors attempting to exploit these flaws.
According to numerous research, hackers are more inclined towards abusing older, known flaws, rather than trying to discover their own zero-day vulnerabilities. That is because older flaws already have proof-of-concepts and are easily exploited, especially knowing that many firms aren’t that diligent when it comes to applying patches and upgrades.
To remain secure, businesses are advised to apply new fixes and patches as soon as they roll out or to have a solid patching schedule to adhere to.
If you’re unsure whether or not your firewall is vulnerable to CVE-2023-36845, VulnCheck has released a free scanning tool which you can find on this link.