The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has given a November 17, 2023, deadline for federal businesses and organizations to use mitigations to safe in opposition to numerous security flaws in Juniper Junos OS that got here to mild in August.
The company on Monday added 5 vulnerabilities to the Recognized Exploited Vulnerabilities (KEV) catalog, based mostly on proof of lively exploitation –
- CVE-2023-36844 (CVSS rating: 5.3) – Juniper Junos OS EX Collection PHP Exterior Variable Modification Vulnerability
- CVE-2023-36845 (CVSS rating: 5.3) – Juniper Junos OS EX Collection and SRX Collection PHP Exterior Variable Modification Vulnerability
- CVE-2023-36846 (CVSS rating: 5.3) – Juniper Junos OS SRX Collection Lacking Authentication for Vital Perform Vulnerability
- CVE-2023-36847 (CVSS rating: 5.3) – Juniper Junos OS EX Collection Lacking Authentication for Vital Perform Vulnerability
- CVE-2023-36851 (CVSS rating: 5.3) – Juniper Junos OS SRX Collection Lacking Authentication for Vital Perform Vulnerability
The vulnerabilities, per Juniper, might be common into an exploit chain to attain distant code execution on unpatched units. Additionally added to the checklist is CVE-2023-36851, which has been described as a variant of the SRX add flaw.
Juniper, in an replace to its advisory on November 8, 2023, mentioned it is “now conscious of profitable exploitation of those vulnerabilities,” recommending that clients replace to the newest variations with speedy impact.
The main points surrounding the character of the exploitation are at the moment unknown.
In a separate alert, CISA has additionally warned that the Royal ransomware gang could rebrand as BlackSuit owing to the truth that the latter shares a “variety of recognized coding traits much like Royal.”
The event comes as Cyfirma disclosed that exploits for important vulnerabilities are being provided on the market on darknet boards and Telegram channels.
“These vulnerabilities embody elevation of privilege, authentication bypass, SQL injection, and distant code execution, posing vital security dangers,” the cybersecurity agency mentioned, including, “ransomware teams are actively looking for zero-day vulnerabilities in underground boards to compromise a lot of victims.”
It additionally follows revelations from Huntress that risk actors are concentrating on a number of healthcare organizations by abusing the widely-used ScreenConnect distant entry instrument utilized by Transaction Data Techniques, a pharmacy administration software program supplier, for preliminary entry.
“The risk actor proceeded to take a number of steps, together with putting in extra distant entry instruments corresponding to ScreenConnect or AnyDesk situations, to make sure persistent entry to the environments,” Huntress famous.
