Dive Brief:
- Attackers are actively exploiting a quintet of vulnerabilities in Juniper Junos OS devices, the Cybersecurity and Infrastructure Security Agency warned in a Thursday alert. The vendor warned the vulnerabilities can be chained to remotely execute code.
- Juniper disclosed and patched four of the vulnerabilities in mid-August, including one with a critical severity CVSS rating of 9.8 out of 10, and reported the fifth vulnerability in late September. The vulnerabilities were added to CISA’s Known Exploited Vulnerabilities Catalog.
- Customers using unpatched Juniper SRX and EX Series network switches should upgrade their devices immediately, the vendor said last week in an update. Customers can also work around the vulnerabilities by disabling J-Web interface access or limiting access to trusted hosts.
Dive Insight:
The string of vulnerabilities — CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847 and CVE-2023-36851 — can be exploited by an unauthenticated, network-based attacker to remotely execute code.
Juniper’s Security Incident Response Team said it was first aware of successful exploitation of the vulnerabilities on Nov. 8.
Juniper Junos OS, which runs Juniper’s network routers, switches and firewall security devices, is now listed 6 times out of 1,037 total entries on CISA’s Known Exploited Vulnerabilities Catalog. The exploited vulnerabilities are not known to be used in ransomware campaigns, according to CISA.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in its alert. Federal agencies have until Friday to secure Juniper devices on their networks.
Unpatched, internet-connected Juniper devices could be open to exploit, and more than 10,000 Juniper devices are connected to the internet, according to Shadowserver Foundation data.