Menu

  • Alerts
  • Incidents
  • News
  • Cyber Briefing
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Tutorials

Useful Tools

  • Password Generator
No Result
View All Result
Saturday, December 9, 2023
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
    • Cyber Briefing
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
Get Help
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
    • Cyber Briefing
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
Get Help
No Result
View All Result
CyberMaterial
No Result
View All Result
Home Alerts

CISA Urges Swift Juniper Device Security

November 14, 2023
Reading Time: 5 mins read
in Alerts
CISA Urges Swift Juniper Device Security

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning to federal agencies, urging them to promptly secure Juniper devices against a pre-auth remote code execution (RCE) exploit chain.

Four vulnerabilities, including CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847, have been actively exploited, as confirmed by Juniper’s Security Incident Response Team (SIRT). The urgency arises from detection efforts by the ShadowServer threat monitoring service, which observed exploitation attempts shortly after Juniper released security updates.

Furthermore, over 10,000 Juniper devices, primarily from South Korea, have exposed J-Web interfaces, making immediate upgrades crucial to eliminate the attack vector. Administrators are advised to swiftly secure their devices by upgrading JunOS to the latest release or, at a minimum, restrict internet access to the J-Web interface.

At the same time, CISA’s Known Exploited Vulnerabilities Catalog now designates these Juniper vulnerabilities as “frequent attack vectors for malicious cyber actors,” emphasizing their significant risk. In response, U.S. Federal Civilian Executive Branch Agencies must secure Juniper devices within the next four days, aligning with a binding operational directive (BOD 22-01) issued a year ago.

Additionally, while primarily targeting federal agencies, CISA strongly encourages all organizations, including private companies, to prioritize patching these vulnerabilities and enhance the security of Internet-exposed networking equipment.

Reference:

  • 2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution
Tags: CISACyber AlertCyber Alerts 2023CybersecurityJuniperNovember 2023Remote code executionVulnerabilities
ADVERTISEMENT

Related Posts

23andMe Shields Against Data Breach Suits

23andMe Shields Against Data Breach Suits

December 8, 2023
LockBit Tops Global Ransomware

LockBit Tops Global Ransomware

December 8, 2023
Bitzlato Founder Admits to Money Laundering

Bitzlato Founder Admits to Money Laundering

December 8, 2023
Joint Commission Launches New Certification

Joint Commission Launches New Certification

December 8, 2023
Microsoft Hires Igor Tsyganskiy as New CISO

Microsoft Hires Igor Tsyganskiy as New CISO

December 8, 2023
Groveport Madison Servers Hit by Ransomware

Groveport Madison Servers Hit by Ransomware

December 8, 2023

Latest Alerts

Bluetooth Flaw Endangers Devices

CISA warns about Russian group Star Blizzard

Phishing Delivers MrAnon Stealer

WordPress RCE Vulnerability Fixed

Microsoft Warns of COLDRIVER’s Tactics

AWS STS Threat Allows Cloud Infiltration

Subscribe to our newsletter

    Latest Incidents

    Groveport Madison Servers Hit by Ransomware

    ALDO Shoes Hit by LockBit Ransomware

    East River Med Notifies of Data Breach

    Erris Water Hacked in Israel Stand

    Cambridge Hospitals Confirm Excel Breaches

    Addenbrooke’s Hospital Data Breach

    Next Post
    Bitcoin ATM Operator Coin Cloud Hacked

    Bitcoin ATM Operator Coin Cloud Hacked

    • About Us
    • Contact Us
    • Legal and Privacy Policy
    • Site Map

    © 2023 | CyberMaterial | All rights reserved

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Briefing
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials

    Copyright © 2023 CyberMaterial

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist