Jan 16, 2024NewsroomVulnerability / Network Security

Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE).

“The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern,” Jon Williams, a senior security engineer at Bishop Fox, said in a technical analysis shared with The Hacker News.

The vulnerabilities in question are listed below –

• CVE-2022-22274 (CVSS score: 9.4) – A stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote, unauthenticated attacker to cause DoS or potentially result in code execution in the firewall.

• CVE-2023-0656 (CVSS score: 7.5) – A stack-based buffer overflow vulnerability in the SonicOS allows a remote, unauthenticated attacker to cause DoS, which could result in a crash.

While there are no reports of exploitation of the flaws in the wild, a proof-of-concept (PoC) for CVE-2023-0656 was published by the SSD Secure Disclosure team April 2023.

The cybersecurity firm revealed that the issues could be weaponized by bad actors to trigger repeated crashes and force the appliance to get into maintenance mode, requiring administrative action to restore normal functionality.

“Perhaps most astonishing was the discovery that over 146,000 publicly-accessible devices are vulnerable to a bug that was published almost two years ago,” Williams said.

The development comes as watchTowr Labs uncovered multiple stack-based buffer overflow flaws in the SonicOS management web interface and SSL VPN portal that could lead to a firewall crash.

To safeguard against possible threats, it’s recommended to update to the last version and ensure that the management interface isn’t exposed to the internet.

Jan 13, 2024NewsroomVulnerability / Network Security

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.

The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system.

“An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the device,” the company said in an advisory.

The networking equipment major, which is set to be acquired by Hewlett Packard Enterprise (HPE) for $14 billion, said the issue is caused by use of an insecure function allowing a bad actor to overwrite arbitrary memory.

The flaw impacts the following versions, and has been fixed in versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and later –

• Junos OS versions earlier than 20.4R3-S9
• Junos OS 21.2 versions earlier than 21.2R3-S7
• Junos OS 21.3 versions earlier than 21.3R3-S5
• Junos OS 21.4 versions earlier than 21.4R3-S5
• Junos OS 22.1 versions earlier than 22.1R3-S4
• Junos OS 22.2 versions earlier than 22.2R3-S3
• Junos OS 22.3 versions earlier than 22.3R3-S2, and
• Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3

As temporary workarounds until the fixes are deployed, the company recommends that users disable J-Web or restrict access to only trusted hosts.

Also resolved by Juniper Networks is a high-severity bug in Junos OS and Junos OS Evolved (CVE-2024-21611, CVSS score: 7.5) that could be weaponized by an unauthenticated, network-based attacker to cause a DoS condition.

While there is evidence that the vulnerabilities are being exploited in the wild, multiple security shortcomings affecting the company’s SRX firewalls and EX switches were abused by threat actors last year.