Ongoing remote code execution attacks leveraging four Juniper J-Web interface vulnerabilities, tracked from CVE-2023-36844 to CVE-2023-36847, in a pre-auth exploit chain have led to their inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, BleepingComputer reports.
Federal agencies have been urged to remediate the flaws by Nov. 17.
Such an advisory from CISA comes a week after successful exploitation was confirmed by Juniper and nearly three months after ShadowServer reported discovering attempted exploitation of the flaws just a week after the release of patches, as well as a proof-of-concept exploit from watchTowr Labs.
"Given the simplicity of exploitation, and the privileged position that JunOS devices hold in a network, we would not be surprised to see large-scale exploitation. Those running an affected device are urged to update to a patched version at their earliest opportunity, and/or to disable access to the J-Web interface if at all possible," said watchTowr Labs researchers.