Juniper Networks has recently patched a critical remote code execution (RCE) vulnerability in Junos OS that could allow a threat actor to remotely compromise an affected system.
Juniper Networks, Inc. is an American multinational company that develops and markets networking products such as routers, switches, network management software and network security products.
The Junos OS that runs on Juniper Networks' devices provides an environment for accelerating the deployment of services and applications over a single network.
Remote Code Execution (RCE) Vulnerability in Junos OS:
The RCE vulnerability, tracked as CVE-2021-0254, affects Juniper Junos OS and was discovered and reported by security researcher Nguyễn Hoàng Thạch of the cybersecurity company STAR Labs.
The vulnerability is a remote code execution flaw in the overlayd service that affects Junos OS 15.1X49, 15.1, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2, 19.3, 19.4, 20.1, 20.2 and 20.3.
The vulnerability results from improper buffer size validation, which can lead to a buffer overflow.
Reporting and addressing the Juniper critical RCE vulnerability:
While detailing the critical vulnerability in Juniper Junos OS, the researcher stated that it was one of the most critical vulnerabilities he had identified in Juniper products, and that it had been reported to the vendor over 6 months ago.
The researcher also stated that an attacker who successfully exploits the vulnerability can obtain root access to the targeted system or device and configure it to install a malicious backdoor.
Exploiting the flaw involves sending specially crafted packets to the targeted system, and a sustained DoS attack could be launched by continuously sending malicious packets.
Juniper, in addressing the critical RCE vulnerability, noted that the flaw could be exploited by a remote, unauthenticated threat actor to execute arbitrary code or to trigger a partial denial-of-service (DoS) condition on vulnerable devices.
Juniper's advisory on the vulnerability explained: “The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution.”
Juniper said it was not aware of any malicious attacks exploiting this vulnerability, but noted that an attack can be launched against default configurations.
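One mitigation consistent with the advisory text above, written here as an added example (it is not the article's content and not Juniper's published workaround): a loopback firewall filter that lets UDP/4789 reach overlayd only from a trusted prefix list and counts, logs and drops the rest. The names PROTECT-RE and TRUSTED-OVERLAY-PEERS and the 192.0.2.10/32 address are placeholders to be replaced with the real trusted peer set.

```junos
policy-options {
    prefix-list TRUSTED-OVERLAY-PEERS {
        192.0.2.10/32;   /* placeholder: real overlay peers go here */
    }
}
firewall {
    family inet {
        filter PROTECT-RE {
            /* Overlay OAM from known peers is allowed through to overlayd. */
            term allow-overlay-oam-trusted {
                from {
                    source-prefix-list {
                        TRUSTED-OVERLAY-PEERS;
                    }
                    protocol udp;
                    destination-port 4789;
                }
                then accept;
            }
            /* Any other UDP/4789 packet is counted and logged before being */
            /* dropped, so probes from untrusted sources stay visible.       */
            term block-overlay-oam-untrusted {
                from {
                    protocol udp;
                    destination-port 4789;
                }
                then {
                    count overlay-oam-dropped;
                    log;
                    discard;
                }
            }
            /* Remaining host-bound traffic is left untouched by this example. */
            term allow-everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE;
                }
            }
        }
    }
}
```

The `show firewall filter PROTECT-RE` counter and the firewall log give a quick indication of whether untrusted hosts are reaching the service; the filter reduces exposure on unpatched devices but does not replace upgrading to a fixed release.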
CISA Advisory:
CISA, the U.S. Cybersecurity and Infrastructure Security Agency, also issued a security alert recommending that users and administrators review the Juniper Security Advisories webpage and apply the necessary updates or workarounds.