This live blog contains information regarding the Junos J-Web vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on October 31, 2022.
Update October 31, 2022
17:30 | On 12 October 2022, Juniper Networks published a security bulletin describing six different vulnerabilities in the J-Web interface of Juniper Networks Junos. The most severe vulnerability allows an unauthenticated remote attacker to execute arbitrary code. On Friday, 28 October 2022, research company Octagon Networks published further details on the six vulnerabilities.
Currently, no public exploit code is available and there are no reports of exploitation of the vulnerabilities in the wild. However, given the details provided in the Octagon Networks blog, it is likely that exploits will be developed.
Juniper Networks has published security updates and workarounds to mitigate the vulnerabilities in Junos. It is highly recommended to apply these updates or workarounds.
Reason and background of this blog
This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.
The most severe vulnerability allows an unauthenticated remote attacker to execute arbitrary code. Additionally, several of the other vulnerabilities might be chained together to increase both the likelihood and the impact of exploitation.
Currently, there are no reports of exploitation in the wild and there is no publicly available proof-of-concept code for any of the six vulnerabilities. However, this might change based on the details published in the Octagon Networks blog.
Juniper Networks published six vulnerabilities in the J-Web interface of Juniper Networks Junos in its security bulletin. Octagon Networks has analysed and described all six vulnerabilities and developed proof-of-concept exploit code, which they have decided not to publish yet.
An overview of the vulnerabilities can be found in the table below.
| CVE | Description | CVE published | CVSS v3 score | EPSS score | EPSS percentile |
|---|---|---|---|---|---|
| CVE-2022-22241 | Remote pre-authenticated Phar deserialization to RCE | 2022-10-18 | 9,8 | 0,00885 | 0,26763 |
| CVE-2022-22242 | Pre-authenticated reflected XSS on the error page | 2022-10-18 | 6,1 | 0,00885 | 0,26763 |
| CVE-2022-22243 | XPath injection in jsdm/ajax/wizards/setup/setup.php | 2022-10-18 | 4,3 | 0,00885 | 0,26763 |
| CVE-2022-22244 | XPath injection in the send_raw() method | 2022-10-18 | 5,3 | 0,00885 | 0,26763 |
| CVE-2022-22245 | Path traversal during file upload leads to RCE | 2022-10-18 | 4,3 | 0,00885 | 0,26763 |
| CVE-2022-22246 | PHP file include in /jrest.php | 2022-10-18 | 8,8 | 0,00885 | 0,26763 |

Table 1 – CVE details as of 31 October 2022
The current EPSS scores show a low chance of exploitation. However, this is expected to change based on the blog of Octagon Networks and the development of public proof-of-concept code. Additionally, several vulnerabilities might be combined, increasing the likelihood and impact of exploitation.
Juniper Networks published software patches and two possible workarounds. It is strongly advised to upgrade to one of the following software versions, in which the vulnerabilities are resolved:
- 19.1 – 19.1R3-S9 or later;
- 19.2 – 19.2R3-S6 or later;
- 19.3 – 19.3R3-S7 or later;
- 19.4 – 19.4R3-S9 or later;
- 20.1 – 20.1R3-S5 or later;
- 20.2 – 20.2R3-S5 or later;
- 20.3 – 20.3R3-S5 or later;
- 20.4 – 20.4R3-S4 or later;
- 21.1 – 21.1R3-S2 or later;
- 21.2 – 21.2R3-S1 or later;
- 21.3 – 21.3R3 or later;
- 21.4 – 21.4R3 or later;
- 22.1 – 22.1R2 or later;
- 22.2 – 22.2R1 or later.
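The fixed-version list above is only useful if it can be compared against what is actually running in an estate, and Junos version strings (release train, R-release, optional -S service release, optional build suffix) do not compare correctly as plain strings. The following Python script is an added example, not code from Juniper, Octagon Networks or this blog: it embeds the fixed releases listed above, parses Junos version strings into comparable tuples, and classifies each device in a constructed sample inventory as fixed, vulnerable, or belonging to a release train the bulletin does not list. The version-string format it accepts (`X.YRZ`, `X.YRZ-Sn`, with an optional `.build` suffix) is an assumption; any other suffix is rejected rather than guessed at, and unlisted trains are flagged for manual review rather than assumed safe.

```python
import re
from typing import Dict, List, Tuple

# Fixed Junos OS releases per release train, copied from the list in this post.
# A version in a listed train at or above the fixed release counts as patched
# for the six J-Web CVEs.
FIXED_VERSIONS: Dict[str, str] = {
    "19.1": "19.1R3-S9", "19.2": "19.2R3-S6", "19.3": "19.3R3-S7",
    "19.4": "19.4R3-S9", "20.1": "20.1R3-S5", "20.2": "20.2R3-S5",
    "20.3": "20.3R3-S5", "20.4": "20.4R3-S4", "21.1": "21.1R3-S2",
    "21.2": "21.2R3-S1", "21.3": "21.3R3",    "21.4": "21.4R3",
    "22.1": "22.1R2",    "22.2": "22.2R1",
}

# Assumed version-string shape: <major>.<minor>R<release>, optionally followed by
# a .<build> suffix and/or -S<service> (itself optionally followed by .<build>).
# Examples: "19.1R3-S9", "21.2R3-S1.3", "20.4R3.8". Anything else is rejected.
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<release>\d+)"
    r"(?:\.(?P<build1>\d+))?"
    r"(?:-S(?P<service>\d+)(?:\.(?P<build2>\d+))?)?$"
)


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Parse a Junos version string into (major, minor, release, service, build).

    Service releases (-Sn) sort above the base release they belong to, and a
    build number only orders respins within one release, so tuple comparison
    gives the intended ordering: 19.1R3 < 19.1R3.10 < 19.1R3-S1 < 19.1R3-S9.2.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    g = m.groupdict()
    build = g["build2"] if g["service"] is not None else g["build1"]
    return (int(g["major"]), int(g["minor"]), int(g["release"]),
            int(g["service"] or 0), int(build or 0))


def assess(running: str) -> Tuple[str, str]:
    """Classify a running version as 'fixed', 'vulnerable' or 'unlisted'.

    'unlisted' means the release train does not appear in the bulletin's
    fixed-version list, so the device needs manual review rather than being
    assumed safe.
    """
    v = parse_version(running)
    train = f"{v[0]}.{v[1]}"
    fixed = FIXED_VERSIONS.get(train)
    if fixed is None:
        return "unlisted", f"{running}: train {train} not in fixed-version list, review bulletin"
    if v >= parse_version(fixed):
        return "fixed", f"{running}: at or above {fixed}"
    return "vulnerable", f"{running}: below {fixed}, upgrade to {fixed} or later"


def report(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map each hostname in (hostname, version) pairs to its assessment status."""
    results: Dict[str, str] = {}
    for host, version in inventory:
        try:
            status, _ = assess(version)
        except ValueError:
            status = "unparseable"   # unknown format: surface it, do not guess
        results[host] = status
    return results


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = [
        ("srx-edge-01", "19.1R3-S8.5"),   # one service release short of the fix
        ("srx-edge-02", "19.1R3-S9.2"),   # respin of the fixed release
        ("ex-core-01", "21.3R2-S3"),      # older R-release, still vulnerable
        ("ex-core-02", "21.3R3.5"),       # build of the fixed release
        ("mx-lab-01", "18.4R3-S10"),      # train not in the bulletin's list
        ("qfx-lab-01", "19.1R3-D5"),      # suffix this parser does not accept
    ]
    for host, status in report(sample).items():
        print(f"{host:12} {status}")
```

Run it against an exported inventory of `show version` results rather than the sample list; the conservative default of flagging unlisted and unparseable entries is deliberate, because a checker that silently treats unknown versions as fixed would hide exactly the devices most in need of attention.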
Sources
- Octagon Networks blog – https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/
- Juniper Security Bulletin – https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web?language=en_US
- NCSC Advisory – https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0646