This vulnerability is being actively exploited in the wild.
A vulnerability in the kernel of Juniper Networks Junos OS creates improper isolation, allowing a local attacker with high privileges to inject arbitrary code and compromise the integrity of the device. This issue is not exploitable from the Junos CLI. Affected versions include all prior to 21.2R3-S9, 21.4 versions before 21.4R3-S10, 22.2 versions before 22.2R3-S6, 22.4 versions before 22.4R3-S6, 23.2 versions before 23.2R2-S3, 23.4 versions before 23.4R2-S4, and 24.2 versions before 24.2R1-S2, 24.2R2.
Exploitation of this vulnerability allows for arbitrary code execution with root privileges on the affected device.
The vulnerability can be reproduced by gaining privileged access to a Juniper router and entering the FreeBSD shell from the Junos OS CLI. Once in the shell, the 'here document' feature can be used to create a Base64-encoded file, which is then decoded and extracted to execute malicious payloads. This process involves injecting code into the memory of a legitimate process, effectively bypassing Junos OS's Veriexec protection, which normally prevents unauthorized binaries from executing.
Juniper Networks has released a security advisory (JSA93446) recommending that organizations upgrade their Juniper devices to the latest images, which include mitigations and updated signatures for the Juniper Malware Removal Tool (JMRT). After the upgrade, organizations should run the JMRT Quick Scan and Integrity Check.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
