Juniper Networks, a manufacturer of networking equipment, has released patches for four vulnerabilities that could be combined to allow unauthenticated, remote code execution in the Junos OS J-Web interface.
The bugs have a ‘medium’ severity rating and are tracked as CVE-2023-36844 through CVE-2023-36847. However, Juniper issues a warning about the “critical severity” of their chained exploitation. “By chaining exploitation of these vulnerabilities, an unauthenticated, network-based attacker may be able to remotely execute code on the devices,” the company warns.
According to CVE-2023-36844 and CVE-2023-36845, PHP external variable modification flaws could give remote attackers access to environment variables without requiring any authorization.
Read More: Flaws in Juniper Switches and Firewalls Can Be Chained for Remote Code Execution
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
