Threat actors have begun exploiting four recently patched vulnerabilities in the J-Web component of Juniper Networks' Junos OS after proof-of-concept (PoC) exploit code was published online.
The medium-severity bugs, identified as CVE-2023-36844 through CVE-2023-36847, allow remote environment variable control and arbitrary file uploads without authentication.
Ten days ago, Juniper Networks issued patches to address these flaws, cautioning that an attacker could link them together to achieve remote code execution and classifying the chained exploitation as having “critical severity.”
Shadowserver Foundation, a nonprofit cybersecurity organization, claims that these flaws were first exploited on August 25, the same day that the PoC exploit code was made public.