Juniper Junos OS EX / SRX vulnerabilities - 20231114002 (#409)

Dinindu-Wick · DGovEnterprise · adonm · web-flow · commit e33c844d67ab · 2023-11-15T17:37:38.000+08:00
* T1566.001 - QR Code Phishing Attachment (Quishing) - Updated the KQL with Recipient Email address * # NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors - 20230928002 * Apple releases Critical Updates for Known Exploited vulnerabilities - 20231009003 * Apple releases Critical Updates for Known Exploited vulnerabilities - 20231009001 * Update T1566.001-QR-CodePhishingAttachment(Quishing).md Updated the document version number to 1.0 * Citrix Releases Security Updates for Multiple Products - 20231012001 * Updated Citrix Releases Security Updates for Multiple Products - 20231012001 * Updated Citrix Releases Security Updates for Multiple Products - 20231012001 * Added new ADS and updates * Updated Advisory number for Citrix advisory * Updated ADSs with macros for MITRE URL's * Updates libraries and requirement.txt * Removed macros for Software ID related ADS's * Added marcos to retrieve MITRE URL's * Updated requirements.txt with BeautifulSoup4 req * 20231023005-SolarWinds-ARM-ThreeCriticalRCEVulnerabilities.md * Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities - 20231025001 * VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities - 20231026001 * Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature - 20231027004 * Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature - 20231027004 * Apple Releases Security Advisories for Multiple Products - 20231027005 * Updated CVSS score of CVE-2023-4966 - 20231012003 * Improper Authorization Vulnerability In Confluence Data Center and Server - 20231101002 * Added logic to resolve links to MITRE tactics * Added new ADS's and updated existing ones * Updated entry to hide Lateral Movement - Webservers in Guidelines table * New Microsoft Exchange zero-days allow RCE, data theft attacks - 20231106002 * Updated ADS formatting and KQL Syntax's * Updated ADS formatting and KQL Syntax's * Minor updates to formatting * updates to ads * Updates to ADS * Minor updates to ADS * Updated ADS * Updates to ADS * Updated ADS * Minor updates to ADS's * Updates to ADSs * Atlassian Confluence Data Center and Server Improper Authorization Vulnerability - 20231108001 * Updated Linux Webshell indicator ADS * Updated the Technique ID in Linux Webshell Indicators * Juniper Junos OS EX / SRX vulnerabilities - 20231114002 --------- Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> Co-authored-by: Adon Metcalfe <adon.metcalfe@dpc.wa.gov.au>
diff --git a/docs/advisories/20231114002-Juniper-Junos-OS-EX-SRX-vulnerabilities.md b/docs/advisories/20231114002-Juniper-Junos-OS-EX-SRX-vulnerabilities.md
@@ -0,0 +1,59 @@
+# Juniper Junos OS  EX /  SRX vulnerabilities - 20231114002
+## Overview
+
+Juniper has released updates to five known vulnerabilities in Juniper's Junos OS, that are being actively exploited.
+
+## What is the vulnerability?
+
+[**CVE-2023-36844**](https://nvd.nist.gov/vuln/detail/CVE-2023-36844) - CVSS v3 Base Score: ***5.3*** - Juniper Junos OS EX Series PHP External Variable Modification Vulnerability:
+- A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.  
+
+[**CVE-2023-36845**](https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-36845) - CVSS v3 Base Score: ***9.8*** - Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability:
+- A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control an important environment variable.
+
+[**CVE-2023-36846**](https://nvd.nist.gov/vuln/detail/CVE-2023-36846) - CVSS v3 Base Score: ***5.3*** - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability:
+- A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
+
+[**CVE-2023-36847**](https://nvd.nist.gov/vuln/detail/CVE-2023-36847) - CVSS v3 Base Score: ***5.3*** - Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability:
+- A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
+
+[**CVE-2023-36851**](https://nvd.nist.gov/vuln/detail/CVE-2023-36851) - CVSS v3 Base Score: ***5.3*** - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability:
+- A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
+
+## What is vulnerable?
+
+The vulnerability affects Juniper Networks Junos OS on SRX Series and EX Series:
+
+- All versions prior to 20.4R3-S9;
+- 21.1 version 21.1R1 and later versions;
+- 21.2 versions prior to 21.2R3-S7;
+- 21.3 versions prior to 21.3R3-S5;
+- 21.4 versions prior to 21.4R3-S5;
+- 22.1 versions prior to 22.1R3-S4;
+- 22.2 versions prior to 22.2R3-S2;
+- 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
+- 22.4 versions prior to 22.4R2-S1, 22.4R3;
+- 23.2 versions prior to 23.2R1-S1, 23.2R2.
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- The following software releases have been updated to prevent the code execution in CVE-2023-36845 vulnerability: 
+    - 20.4R3-S9, 21.2R3-S7*, 21.3R3-S5, 21.4R3-S5*, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3*, 23.2R1-S1, 23.2R2*, 23.4R1*, and all subsequent releases.
+
+- More updates are to be released to address the remaining vulnerabilities.
+
+#### Recommended Workarounds:
+
+- Disable J-Web, or limit access to only trusted hosts.
+
+## Additional References
+
+- [CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA](https://www.cisa.gov/news-events/alerts/2023/11/13/cisa-adds-six-known-exploited-vulnerabilities-catalog)
+- [2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution (juniper.net)](https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US)
+- [Known Exploited Vulnerabilities Catalog | CISA](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=&sort_by=field_date_added)
