PoC for no-auth RCE on Juniper firewalls released


Researchers have published additional information and a proof-of-concept (PoC) exploit for four newly patched vulnerabilities that might allow remote code execution (RCE) on Juniper Networks’ SRX firewalls and EX switches. The PoC automates the entire procedure.

CVE-2023-36846 and CVE-2023-36847 may allow a critical function to be abused without prior authentication. CVE-2023-36844 and CVE-2023-36845 may allow attackers to change specific PHP environment variables by giving the name of an uploaded file.
