Juniper Junos OS Multiple Vulnerabilities

Impact

• Data Manipulation
• Denial of Service
• Remote Code Execution

System / Technologies affected

Juniper Networks Junos OS on SRX Series

• All versions prior to 20.4R3-S8;
• 21.2 versions prior to 21.2R3-S6;
• 21.3 versions prior to 21.3R3-S5;
• 21.4 versions prior to 21.4R3-S5;
• 22.1 versions prior to 22.1R3-S3;
• 22.2 versions prior to 22.2R3-S2;
• 22.3 versions prior to 22.3R2-S2, 22.3R3;
• 22.4 versions prior to 22.4R2-S1, 22.4R3;

Juniper Networks Junos OS on EX Series

• All versions prior to 20.4R3-S8;
• 21.2 versions prior to 21.2R3-S6;
• 21.3 versions prior to 21.3R3-S5;
• 21.4 versions prior to 21.4R3-S4;
• 22.1 versions prior to 22.1R3-S3;
• 22.2 versions prior to 22.2R3-S1;
• 22.3 versions prior to 22.3R2-S2, 22.3R3;
• 22.4 versions prior to 22.4R2-S1, 22.4R3.

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor. For detail, please refer to the link below:

• https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US

Vulnerability Identifier

• CVE-2023-36844
• CVE-2023-36845
• CVE-2023-36846
• CVE-2023-36847

Source

• Juniper Network

Related Link

• https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&f:ctype=[Security%20Advisories]&f:level1=[OS]
• https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US