Multiple high-severity security flaws have been discovered affecting Juniper Networks devices, some of which could be exploited to execute code.
According to Octagon Networks researcher Paulos Yibelo, the most severe of them is a remote, pre-authenticated PHP archive (phar) file deserialization vulnerability in the J-Web component of Junos OS (CVE-2022-22241, CVSS score: 8.1).
“This vulnerability could be exploited by an unauthenticated, remote attacker to deserialize a remote phar file and lead to writing arbitrary files, leading to remote code execution (RCE),” Yibelo said in a report shared with The Hacker News.
In addition, five other issues have been identified:
- CVE-2022-22242 (CVSS score: 6.1) – A pre-authenticated reflected XSS on the error page (“error.php”) that allows a remote adversary to siphon a Junos OS administrative session and chain it with other flaws that require authentication.
- CVE-2022-22243 (CVSS score: 4.3) and CVE-2022-22244 (CVSS score: 5.3) – Two XPATH injection flaws exploitable by remote, authenticated attackers to steal and manipulate Junos OS administrator sessions.
- CVE-2022-22245 (CVSS score: 4.3) – A path traversal vulnerability that allows remote, authenticated attackers to upload PHP files to arbitrary locations, in a manner similar to the recently disclosed RARlab UnRAR vulnerability (CVE-2022-30333), and
- CVE-2022-22246 (CVSS score: 7.5) – A local file inclusion vulnerability that could be weaponized to execute untrusted PHP code.
“This [CVE-2022-22246] allows an attacker to include arbitrary PHP files stored on the server,” Yibelo said.
Users of Juniper Networks firewalls, routers, and switches are advised to apply the latest software patches available for Junos OS to mitigate the aforementioned threats.
“One or more of these issues can lead to unauthorized local file access, cross-site scripting attacks, path injection and traversal, or local file inclusion,” Juniper Networks said in an advisory released on October 12, 2022.
The issues have been resolved in Junos OS versions 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1 and later.
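The fixed-release list above is only useful once it is compared against what a fleet is actually running, and Junos version strings (train, R release, optional -S service release) do not sort correctly as plain strings: 21.1R3 is newer than 21.1R2-S9. The script below is an added example, not Juniper tooling or code from the researcher's report; it parses the R/S form, compares each device's version against the fixed release for its train, and reports trains that this article does not list as "unknown-train" rather than guessing (the assumption being that Juniper's advisory may list further releases not reproduced here). The inventory is constructed sample data, and the hostnames are hypothetical.

```python
import re
from typing import Optional, Tuple

# Fixed Junos OS releases as listed in the article above, keyed by release
# train ("major.minor"). Trains absent from this table are reported as
# unknown rather than assumed fixed or vulnerable (assumption: the article
# reproduces only part of Juniper's full fixed-release list).
FIXED_RELEASES = {
    "19.1": "19.1R3-S9",
    "19.2": "19.2R3-S6",
    "19.3": "19.3R3-S7",
    "19.4": "19.4R3-S9",
    "20.1": "20.1R3-S5",
    "20.2": "20.2R3-S5",
    "20.3": "20.3R3-S5",
    "20.4": "20.4R3-S4",
    "21.1": "21.1R3-S2",
    "21.3": "21.3R3",
    "21.4": "21.4R3",
    "22.1": "22.1R2",
    "22.2": "22.2R1",
}

# A Junos release such as 21.1R3-S2.4 reads: train 21.1, release R3,
# service release S2, build 4. Within a train, order by R first, then S;
# the trailing build number is ignored for patch-level decisions.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos_version(version: str) -> Optional[Tuple[str, int, int]]:
    """Return (train, release, service) or None for strings not in the R/S form."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, rel, svc = m.groups()
    return (f"{major}.{minor}", int(rel), int(svc or 0))


def patch_status(version: str) -> str:
    """Classify a version as 'fixed', 'vulnerable', 'unknown-train' or 'unparsed'.

    'fixed' means the version is at or above the fixed release of its train,
    which is how the "and later" wording of the advisory is applied.
    """
    parsed = parse_junos_version(version)
    if parsed is None:
        return "unparsed"
    train, rel, svc = parsed
    fixed = FIXED_RELEASES.get(train)
    if fixed is None:
        return "unknown-train"
    _, fixed_rel, fixed_svc = parse_junos_version(fixed)
    return "fixed" if (rel, svc) >= (fixed_rel, fixed_svc) else "vulnerable"


def triage(inventory: dict) -> dict:
    """Map hostname -> patch status for a {hostname: version} inventory."""
    return {host: patch_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are hypothetical.
    sample = {
        "edge-fw-1": "21.1R3-S1",      # one service release short of the fix
        "edge-fw-2": "21.1R3-S2.4",    # the fixed release, with a build number
        "core-rtr-1": "20.4R2-S9",     # older R release: still vulnerable despite S9
        "core-rtr-2": "21.3R3",
        "lab-sw-1": "21.2R3-S1",       # train not listed in the article
        "lab-sw-2": "21.4R3-S1-EVO",   # Junos Evolved suffix: review manually
    }
    for host, status in triage(sample).items():
        print(f"{host:12} {sample[host]:14} {status}")
```

Anything reported as "unknown-train" or "unparsed" should be checked against Juniper's own advisory rather than treated as safe; the comparison here is deliberately strict about the formats it accepts.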