Juniper Networks devices impacted by several high-severity bugs - SC Media

Juniper Networks devices are being affected with galore high-severity vulnerabilities involving the Junos OS, The Hacker News reports. Some of the flaws including a distant pre-authenticated PHP archive record deserialization bug wrong Junos OS's J-Web component, tracked arsenic CVE-2022-22241, could beryllium leveraged to facilitate distant codification execution, according to a study from Octagon Networks. "This vulnerability tin beryllium exploited by an unauthenticated distant attacker to get distant phar files deserialized, starring to arbitrary record write, which leads to a distant codification execution (RCE)," said Octagon Networks researcher Paulos Yibelo. Malicious actors could besides exploit a pre-authenticated reflected mistake leafage XSS bug, tracked arsenic CVE-2022-22242, to exfiltrate Junos OS admin sessions, portion XPATH injection flaws, tracked arsenic CVE-2022-22243 and CVE-2022-22244, could beryllium utilized for Junos OS admin league theft and manipulation. Other flaws identified see a way traversal vulnerability, tracked arsenic CVE-2022-22245, and a section record inclusion bug, tracked arsenic CVE-2022-22246. Juniper Networks has already addressed the flaws successful newer releases of the Junos OS.