
Juniper Junos OS Multiple Vulnerabilities

Last Update Date: 14 Nov 2023

Release Date: 21 Aug 2023

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS


Multiple vulnerabilities were identified in Juniper Junos OS. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, remote code execution and data manipulation on the targeted system.

Note:

Proof of Concept exploit code is publicly available for CVE-2023-36844, CVE-2023-36845, CVE-2023-36846 and CVE-2023-36847. Juniper SIRT is now aware of successful exploitation.

 

[Updated on 2023-08-29] 

Proof of Concept exploit code is publicly available for CVE-2023-36844, CVE-2023-36845, CVE-2023-36846 and CVE-2023-36847. Risk level is rated as High Risk.

 

[Updated on 2023-11-14] 

Juniper SIRT is now aware of successful exploitation. Risk level is rated as Extremely High Risk.


Impact

  • Data Manipulation
  • Denial of Service
  • Remote Code Execution

System / Technologies affected

Juniper Networks Junos OS on SRX Series

  • All versions prior to 20.4R3-S8;
  • 21.2 versions prior to 21.2R3-S6;
  • 21.3 versions prior to 21.3R3-S5;
  • 21.4 versions prior to 21.4R3-S5;
  • 22.1 versions prior to 22.1R3-S3;
  • 22.2 versions prior to 22.2R3-S2;
  • 22.3 versions prior to 22.3R2-S2, 22.3R3;
  • 22.4 versions prior to 22.4R2-S1, 22.4R3.

Juniper Networks Junos OS on EX Series

  • All versions prior to 20.4R3-S8;
  • 21.2 versions prior to 21.2R3-S6;
  • 21.3 versions prior to 21.3R3-S5;
  • 21.4 versions prior to 21.4R3-S4;
  • 22.1 versions prior to 22.1R3-S3;
  • 22.2 versions prior to 22.2R3-S1;
  • 22.3 versions prior to 22.3R2-S2, 22.3R3;
  • 22.4 versions prior to 22.4R2-S1, 22.4R3.
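
The version lists above can be checked against a device inventory mechanically. The following is an added example, not code from this advisory or from Juniper: it assumes release strings shaped like 21.4R3-S4.9 (as reported by `show version`), ignores the trailing build number, and runs over a constructed inventory with hypothetical host names.

```python
import re

# Fixed releases copied from the SRX and EX lists above.
# Where a branch lists two fixed releases, the earlier one is the threshold.
FIXED = {
    "SRX": {"20.4": "20.4R3-S8", "21.2": "21.2R3-S6", "21.3": "21.3R3-S5",
            "21.4": "21.4R3-S5", "22.1": "22.1R3-S3", "22.2": "22.2R3-S2",
            "22.3": "22.3R2-S2", "22.4": "22.4R2-S1"},
    "EX":  {"20.4": "20.4R3-S8", "21.2": "21.2R3-S6", "21.3": "21.3R3-S5",
            "21.4": "21.4R3-S4", "22.1": "22.1R3-S3", "22.2": "22.2R3-S1",
            "22.3": "22.3R2-S2", "22.4": "22.4R2-S1"},
}

# Assumed version shape: <year>.<n>R<release>[-S<service>][.<build>]
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Return (year, n, R, S) as ints, or None if the string has another shape."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def check(platform, version):
    """Classify one device: 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    v = parse(version)
    if v is None:
        return "unparsed"
    table = FIXED[platform.upper()]
    if v[:2] <= (20, 4):
        # "All versions prior to 20.4R3-S8" covers every older branch too.
        return "affected" if v < parse(table["20.4"]) else "fixed"
    fixed = table.get(f"{v[0]}.{v[1]}")
    if fixed is None:
        return "not-listed"   # e.g. 21.1 or 23.x: the lists above are silent
    return "affected" if v < parse(fixed) else "fixed"

# Constructed inventory, for illustration only.
INVENTORY = [("srx-edge-1", "SRX", "21.4R3-S4.9"), ("ex-access-7", "EX", "21.4R3-S4.9"),
             ("srx-lab", "SRX", "22.3R3.8"), ("ex-core", "EX", "19.4R3-S10.1")]

if __name__ == "__main__":
    for host, platform, version in INVENTORY:
        print(f"{host:12} {platform:3} {version:14} {check(platform, version)}")
```

The same release string can be affected on SRX and fixed on EX (21.4 and 22.2 have different thresholds), so the platform must be part of the inventory record. Treat "not-listed" and "unparsed" results as items to resolve against the vendor bulletin, not as safe.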

 


Solutions

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor. For details, please refer to the link below:


Vulnerability Identifier


Source


Related Link