The US Cybersecurity and Infrastructure Security Agency (CISA) has set a deadline of November 17, 2023, for federal agencies and organizations to apply mitigations against multiple Juniper Junos OS security flaws that were exposed last August.
- CVE-2023-36844 (CVSS score: 5.3) – Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
- CVE-2023-36845 (CVSS score: 5.3) – Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
- CVE-2023-36846 (CVSS score: 5.3) – Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
- CVE-2023-36847 (CVSS score: 5.3) – Juniper Junos OS EX Series Missing Verification for Critical Function Vulnerability
- CVE-2023-36851 (CVSS score: 5.3) – Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
The vulnerabilities, per Juniper, can be combined into an exploit chain to achieve remote code execution on unpatched devices. Also added to the list is CVE-2023-36851, which is described as a variant of the SRX upload bug.
Juniper, in an advisory update on November 8, 2023, said it is “now aware of the successful exploitation of these vulnerabilities,” recommending that customers update to the latest versions with immediate effect.
Details surrounding the nature of the exploit are currently unknown.
In a separate alert, CISA has also warned that the Royal ransomware gang may rebrand as BlackSuit because the latter shares a “number of recognized coding characteristics similar to Royal.”
The development comes as Cyfirma disclosed that exploits for critical vulnerabilities are being offered for sale on darknet forums and Telegram channels.
“These vulnerabilities include elevated privilege, authentication bypass, SQL injection, and remote code execution, which pose significant security risks,” the cybersecurity firm said, adding, “ransomware groups are actively looking for zero-day vulnerabilities in underground forums to compromise more victims.”
It also follows revelations from Huntress that threat actors have targeted dozens of healthcare organizations by abusing the widely used ScreenConnect remote access tool used by Transaction Data Systems, a provider of pharmacy management software, for initial access.
“The threat actor continues to take several measures, including installing additional access tools such as ScreenConnect or AnyDesk instances, to ensure continued access to environments,” Huntress said.