Thousands of Juniper firewalls are open to serious attacks

A month after a patch was released, an overwhelming majority of Juniper’s SRX firewalls and EX-series switches remain vulnerable to a group of flaws that, when combined, could result in remote code execution, according to VulnCheck, a threat intelligence platform provider.

The Register reports on VulnCheck's findings: Juniper announced on August 17 that it had found and patched five separate vulnerabilities affecting all versions of Junos OS on SRX firewalls and EX Series switches.

These vulnerabilities are now tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847, and CVE-2023-36851. Although individually they carry a severity rating of 5.3, collectively they achieve a score of 9.8 and are rated critical. Some researchers say that chaining all five together could allow threat actors to execute code remotely, which could lead to a host of other problems, such as the deployment of malware. Other researchers believe that chaining just a few of them is enough.

Exploit known shortcomings

Now, a month later, roughly four in five (79%) public Juniper SRX firewalls and EX Series switches have yet to be patched and remain vulnerable to these flaws. To make matters worse, Juniper updated its security advisory more than ten days ago, saying it has observed threat actors attempting to exploit these flaws.

According to numerous studies, hackers are more likely to exploit older, known flaws than to discover their own zero-day vulnerabilities. That's because older flaws already have public proof-of-concept exploits and can be exploited with little effort, especially since many companies aren't diligent about applying patches and upgrades.

To stay safe, companies are advised to apply new fixes and patches as they roll out, or have a solid patch schedule to adhere to.

If you’re unsure whether your firewall is vulnerable to CVE-2023-36845, VulnCheck has released a free scanning tool that you can find at this link.
