Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices.
“Multiple vulnerabilities have been found in the J-Web component of Juniper Networks Junos OS. One or more of these issues could lead to unauthorized local file access, cross-site scripting attacks, path injection and traversal, or local file inclusion.” reads the advisory published by the vendor.
The most severe one is a remote pre-authenticated PHP archive file deserialization vulnerability tracked as CVE-2022-22241 which received a CVSS score of 8.1. The vulnerability resided in the J-Web component of Junos OS. An attacker can exploit the vulnerability by sending a crafted POST request, triggering a deserialization which could lead to unauthorized local file access or arbitrary code execution.
“Phar files (PHP Archive) files contain metadata in serialized format, which when parsed by a PHP file operation function leads to the metadata getting deserialized. An attacker can abuse this behavior to exploit an object instantiation vulnerability inside the Juniper codebase.” reads the analysis published by Octagon Networks. “This vulnerability can be exploited by an unauthenticated remote attacker to get remote phar files deserialized, leading to arbitrary file write, which leads to a remote code execution (RCE) vulnerability.”
Other vulnerabilities discovered by the experts are:
The vendor addressed the flaws with the release of Junos OS versions 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and later.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, code execution)