The J-Internet element of Juniper Networks’ Junos OS has been found to include quite a few vulnerabilities, a number of of which can permit distant code execution, cross-site scripting assaults, route injection, traversal, or native file inclusion.
In keeping with Octagon Networks, “Chief amongst them is a distant pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS rating: 8.1) within the J-Internet element of Junos OS”.
Particulars of Vulnerabilities
CVE-2022-22241: Distant pre-authenticated Phar Deserialization to RCE- (CVSS rating: 8.1)
“An Improper Enter Validation vulnerability within the J-Internet element of Juniper Networks Junos OS might permit an unauthenticated attacker to entry information with out correct authorization”, Juniper Networks
When parsed by a PHP file operation perform, the metadata in Phar information (PHP Archive) information is deserialized as a result of it’s saved in a serialized format.
Experiences say this conduct will be abused by an attacker to reap the benefits of a Juniper codebase object instantiation vulnerability.
Notably, deserialization will happen even utilizing PHP features that don’t eval PHP code like file_get_contents(), fopen(), file() or file_exists(), md5_file(), filemtime() or filesize(), is_dir(), if person enter is handed to the features.
An unauthenticated distant attacker could make use of this vulnerability to have distant phar information deserialized, which leads to arbitrary file writing and a distant code execution (RCE) vulnerability.
CVE-2022-22242: pre-authenticated mirrored XSS on the error page- (CVSS rating: 6.1)
This can be a Cross-site Scripting (XSS) vulnerability discovered within the J-Internet element of Juniper Networks Junos OS permits an unauthenticated attacker to run malicious scripts mirrored off of J-Internet to the sufferer’s browser within the context of their session inside J-Internet.
This flaw can be utilized with different vulnerabilities that require authentication or permit a distant unauthenticated attacker to steal JunOS admin classes.
CVE-2022-22243– (CVSS rating: 4.3) and & CVE-2022-22244 – (CVSS rating: 5.3): XPATH Injection
It’s an XPath Injection vulnerability brought on as a consequence of Improper Enter Validation within the J-Internet element of Juniper Networks Junos OS.
This permits an attacker so as to add an XPath command to the XPath stream that allow chaining to different unspecified vulnerabilities, resulting in a partial lack of confidentiality.
It may be exploited by a distant authenticated attacker to govern JunOS admin classes or manipulate the XPATH stream that the server makes use of to speak with its XML parsers.
CVE-2022-22245: Path traversal throughout file add results in RCE – (CVSS rating: 4.3)
This can be a Path Traversal vulnerability within the J-Internet element of Juniper Networks Junos OS. It permits attackers to add arbitrary information to the gadget by bypassing validation checks constructed into Junos OS.
The profitable exploitation of this vulnerability might result in lack of filesystem integrity. Experiences say this flaw will be exploited by attackers to execute PHP code by importing a file with a particular title.
CVE-2022-22246: PHP Native File Inclusion (LFI) vulnerability – (CVSS rating: 7.5)
This PHP Native File Inclusion (LFI) vulnerability was discovered within the J-Internet element of Juniper Networks Junos OS. This may occasionally permit a low-privileged authenticated attacker to execute an untrusted PHP file. The profitable exploitation could lead on to an entire system compromise.
Repair Obtainable
The problems are addressed in Junos OS variations 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and later.
Subsequently, the customers are advisable to use the software program patch obtainable for Junos OS as early as attainable to stop the abovementioned threats.
