Found 4 bookmarks
Newest
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
  • Juniper Networks recently patched a critical pre-authentication Remote Code Execution (RCE) vulnerability in the J-Web configuration interface across all versions of Junos OS on SRX firewalls and EX switches. Unauthenticated actors could exploit this vulnerability to gain root access or initiate Denial of Service (DoS) attacks on devices that have not been patched. Ensure your systems are updated promptly to mitigate this risk. Check for exposed J-Web configuration interfaces using this Censys Search query: services.software.uniform_resource_identifier: cpe:2.3:a:juniper:jweb:*:*:*:*:*:*:*:*. * As emphasized last year in CISA’s BOD 23-02 guidance, exposed network management interfaces continue to pose a significant risk. Restrict access to these interfaces from the public internet wherever possible.
#censys#EN#2024#CVE-2024-21591#Juniper#J-Web#OOB#vulnerability#RCE#exposed
·censys.com·
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
CVE-2023-21554: MSMQ
CVE-2023-21554: MSMQ
On April 12th, 2023, Microsoft released a slew of new patches for its Windows operating system, one of which was to fix CVE-2023-21554, a remotely-exploitable vulnerability in the obscure Windows Message Queuing (MSMQ) service that can lead to remote code execution (RCE).
#Censys#EN#2023#cve-2023-21554#MSMQ#graphs#metrics
·censys.wpengine.com·
CVE-2023-21554: MSMQ
Pulse Connect Secure: A View from the Internet
Pulse Connect Secure: A View from the Internet
Pulse Connect Secure is a low-cost and widely-deployed SSL VPN solution for remote and mobile users. Over the years, researchers have found several significant vulnerabilities in the server software, some even resulting in the active exploitation of critical infrastructure by malicious threat actors. In April of 2021, CISA released a report detailing some of these activities, which included exploiting several unknown (at the time) vulnerabilities and resulted in swift action from Ivanti, the Pulse Connect Secure software developer.
#censys#EN#2022#PulseConnectSecure#VPN#vulnerable#CVE-2021-22893
·censys.io·
Pulse Connect Secure: A View from the Internet
Pulse Connect Secure: A View from the Internet
Pulse Connect Secure: A View from the Internet
Pulse Connect Secure is a low-cost and widely-deployed SSL VPN solution for remote and mobile users. Over the years, researchers have found several significant vulnerabilities in the server software, some even resulting in the active exploitation of critical infrastructure by malicious threat actors. In April of 2021, CISA released a report detailing some of these activities, which included exploiting several unknown (at the time) vulnerabilities and resulted in swift action from Ivanti, the Pulse Connect Secure software developer.
#censys#EN#2022#PulseConnectSecure#VPN#vulnerable#CVE-2021-22893
·censys.io·
Pulse Connect Secure: A View from the Internet