Thousands of Juniper firewalls are open to serious attack

A month after a patch was released, an overwhelming majority of Juniper’s SRX firewalls and EX Series switches remain vulnerable to a group of flaws which, when combined, can result in remote code execution, according to threat intelligence platform provider, VulnCheck.

In its findings, The Register reports, VulnCheck says that on August 17, Juniper announced finding, and patching, five separate vulnerabilities affecting all versions of Junos OS on SRX firewalls and EX Series switches.

These vulnerabilities are now tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847, and CVE-2023-36851. While individually they carry a 5.3 severity rating, collectively they earned a 9.8 score and have been deemed critical. Some researchers say that by chaining these five, threat actors are able to achieve remote code execution, which could lead to a whole host of other issues, such as malware deployment. Other researchers believe that chaining just some will suffice.

Exploiting known ...