Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution.
Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo.
“This vulnerability can be exploited by an unauthenticated remote attacker to get remote phar files deserialized, leading to arbitrary file write, which leads to a remote code execution (RCE),” Yibelo said in a report shared with The Hacker News.
Also identified are five other issues, which are listed as follows:
- CVE-2022-22242 (CVSS score: 6.1) – A pre-authenticated reflected XSS on the error page (“error.php”), allowing a remote adversary to siphon a Junos OS admin session, which can be chained with other flaws that require authentication.
- CVE-2022-22243 (CVSS score: 4.3) & CVE-2022-22244 (CVSS score: 5.3) – Two XPATH injection flaws that could be exploited by a remote authenticated attacker to steal and manipulate Junos OS admin sessions
- CVE-2022-22245 (CVSS score: 4.3) – A path traversal flaw that could allow a remote authenticated attacker to upload PHP files to any arbitrary location, in a manner similar to that of the recently disclosed RARlab UnRAR flaw (CVE-2022-30333), and
- CVE-2022-22246 (CVSS score: 7.5) – A local file inclusion vulnerability that could be weaponized to run untrusted PHP code.
“This [CVE-2022-22246] allows an attacker the ability to include any PHP file stored on the server,” Yibelo noted. “If this vulnerability is exploited alongside the file upload vulnerability, it can lead to remote code execution.”
Users of Juniper Networks firewalls, routers, and switches are recommended to apply the latest software patch available for Junos OS to mitigate the aforementioned threats.
“One or more of these issues could lead to unauthorized local file access, cross-site scripting attacks, path injection and traversal, or local file inclusion,” Juniper Networks disclosed in an advisory released on October 12, 2022.
The issues have been addressed in Junos OS versions 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and later.