This code allow to hack into Juniper SRX firewalls and EX switches

Juniper Networks, a company that manufactures widely used networking equipment as well as security solutions, has issued a warning about vulnerabilities that are present in the operating systems of many of its devices.

The business has acknowledged in not one but two distinct security alerts that were either released or revised this week that the Junos OS and the Junos OS Evolved operating systems may be susceptible to attacks. Additionally, the corporation issued an updated warning about vulnerabilities that are present in the SRX firewalls and EX switches used by the company.

In a fresh warning it said that earlier versions of the operating systems might get stalled due to the processing of erroneous messages in the code known as the Border Gateway Protocol (BGP), which is responsible for directing all traffic on the internet.

To be more specific, a “UPDATE” message that is formatted in a particular manner “will eventually create a sustained Denial of Service (DoS) condition for impacted devices,” which would prevent such devices from carrying out their duties.

A security advisory that had been issued in June and was connected to BGP was also updated by the business on Wednesday. This issue also addressed the possibility of attacks that denied service to users.

In both instances, the corporation was providing workarounds as a means of resolving the problems “out of cycle” from its typical operating system update releases.

A third warning, issued on August 17 and most recently updated on Wednesday, refers to vulnerabilities in J-Web, which is an interface for the SRX firewalls and EX switches used by the firm, which researchers in the security field at Watchtower Labs investigated.

In such a scenario, “an unauthenticated, network-based attacker” has the ability to link together the exploitation of the vulnerabilities “to remotely execute code on the devices.”

In addition, the Cybersecurity and Infrastructure Security Agency (CISA) released a brief advisory on Wednesday about the vulnerabilities in the operating system.

In addition to that, researchers carried out extensive study, the results of which offered a comprehensive understanding about the exploitation of this weakness as well as the vulnerabilities associated to it.

In the course of their investigation, the researchers focused on two particular vulnerabilities in Juniper (CVE-2023-36846 and CVE-2023-36845), both of which were described in the company’s security advisory. Both of these vulnerabilities, Missing authentication for key functions and PHP External Variable Modification, have something in common: they both affect PHP.

After further investigation, it was found that the J-Web was totally developed in PHP, and that the authentication process is handled by a user class. In addition, a PHP file called webauth_operation.php was found.

In addition, a total of 150 distinct functions, which served a variety of purposes ranging from basic aids to the formatting of IP addresses, were found to be in use. These functions ranged in complexity from simple to complicated. Every one of these tasks required interaction with the command line interface (CLI) of the appliance.

Researchers from Watchtwr have produced a comprehensive analysis, which can be seen on their website. The report contains in-depth information on these vulnerabilities as well as the techniques used to attack them.

It has been announced that a repository on GitHub containing the Proof-of-concept for this vulnerability has been made available. Security professionals may utilize this repository to test and repair their susceptible environments using the Proof-of-concept.