Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846) - Vulnerability Database

Description

Two vulnerabilities in the J-Web interface of Juniper Networks Junos OS, CVE-2023-36845 and CVE-2023-36846, can be chained to give an unauthenticated, network-based attacker arbitrary code execution on affected SRX Series and EX Series devices. CVE-2023-36845 is a PHP external variable modification flaw: a crafted request lets the attacker set the PHPRC environment variable and so control the PHP runtime configuration used by J-Web. CVE-2023-36846 is a missing-authentication flaw that allows arbitrary files to be uploaded through J-Web without logging in. Neither step requires credentials, and together they are sufficient for complete device compromise, so any device whose J-Web service is reachable from an untrusted network should be treated as exposed.

Remediation

1. Immediately upgrade affected Juniper Junos OS devices to one of the fixed releases listed in the official Juniper security bulletin (JSA72300, 2023-08 Out-of-Cycle Security Bulletin) for the specific platform and release train in use.
2. If immediate patching is not possible, disable the J-Web interface on all SRX Series and EX Series devices until patches can be applied. From configuration mode (enter it with configure), run:

   delete system services web-management http
   delete system services web-management https
   commit

   Confirm afterwards with show configuration system services web-management that neither statement remains.
3. If J-Web must stay enabled, restrict it to trusted management addresses only, for example with a firewall filter applied as input on the lo0 interface (and, on SRX, by limiting which security zones permit http/https under host-inbound-traffic system-services).
4. Monitor system logs for J-Web requests from untrusted sources, failed or unexpected authentication events, and requests carrying a PHPRC parameter, which is the lever used by CVE-2023-36845.
5. After patching, verify the integrity of the device configuration (compare the running configuration against the last known-good rollback and review the commit history) and audit all administrative accounts for unauthorized additions or changes.
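The following is an added worked example of steps 2 to 5 as a single Junos configuration-mode session; it is not taken from the Juniper bulletin or from this page. It assumes 192.0.2.0/24 is the trusted management prefix (a documentation range used as a placeholder), and the prefix-list, filter, term and counter names are arbitrary. Pick either the disable option or the restrict option, not both.

```junos
## Added example (not Juniper's or Invicti's text). Typed in configuration
## mode on an SRX or EX. 192.0.2.0/24, "mgmt-hosts", "protect-re" and the
## term/counter names are placeholders chosen for this example.
configure

## Option A: disable J-Web entirely (the strongest workaround).
delete system services web-management http
delete system services web-management https

## Option B: keep J-Web but accept it only from the management prefix.
## A filter applied as input on lo0 governs traffic destined to the device
## itself. The final allow-rest term is essential: the implicit discard at
## the end of a filter would otherwise drop SSH, routing protocols and
## everything else that reaches the control plane.
set policy-options prefix-list mgmt-hosts 192.0.2.0/24
set firewall family inet filter protect-re term jweb-trusted from source-prefix-list mgmt-hosts
set firewall family inet filter protect-re term jweb-trusted from protocol tcp
set firewall family inet filter protect-re term jweb-trusted from destination-port [ http https ]
set firewall family inet filter protect-re term jweb-trusted then accept
set firewall family inet filter protect-re term jweb-block from protocol tcp
set firewall family inet filter protect-re term jweb-block from destination-port [ http https ]
set firewall family inet filter protect-re term jweb-block then count jweb-blocked
set firewall family inet filter protect-re term jweb-block then log
set firewall family inet filter protect-re term jweb-block then discard
set firewall family inet filter protect-re term allow-rest then accept
set interfaces lo0 unit 0 family inet filter input protect-re

## commit confirmed rolls the change back automatically unless it is
## confirmed within the timeout, so a filter mistake cannot strand the box.
commit confirmed 5
## ... verify that SSH and (from a trusted host) J-Web still work, then:
commit

## Verification: J-Web state, filter counters, and logged blocked attempts.
run show configuration system services web-management
run show firewall filter protect-re
run show firewall log

## Post-patch review (step 5): who committed what, what changed since the
## last known-good configuration, and which login accounts exist.
run show system commit
show | compare rollback 1
run show configuration system login
```

The jweb-block term both counts and logs each rejected connection, so show firewall log gives an immediate view of which source addresses are still probing the management ports after the restriction is in place. On SRX, also check that no untrusted security zone permits http or https under host-inbound-traffic system-services, since that setting controls whether J-Web is reachable from that zone at all.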

Related Vulnerabilities