"🚨 Juniper Firewalls Under Siege: Over 12,000 Vulnerable Devices Exposed! 🔥"
New research reveals nearly 12,000 internet-facing Juniper firewall devices are susceptible to a recently disclosed remote code execution flaw. The vulnerability, identified as CVE-2023-36845, allows an unauthenticated remote attacker to execute arbitrary code without creating a file on the system. This medium-severity flaw in the J-Web component of Junos OS can be weaponized by adversaries to control certain environment variables. Juniper Networks patched this alongside other vulnerabilities last month. A proof-of-concept (PoC) exploit by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload malicious PHP files and achieve code execution. Jacob Baines points out, "Firewalls are interesting targets to APT as they help bridge into the protected network and can serve as useful hosts for C2 infrastructure." Juniper has acknowledged the vulnerability but is unaware of any successful exploits against its customers. However, they've detected exploitation attempts in the wild, urging users to apply necessary patches. 🛡️