Found 3 bookmarks
Custom sorting
2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
n Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. These systems have been infected with the Mirai malware and were subsequently used as a DDOS attack source to other devices accessible by their network. The impacted systems were all using default passwords. Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database.
#juniper#EN#2024#advisory#SessionSmart#Router#SSN#Mirai#default-password
·supportportal.juniper.net·
2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
  • Juniper Networks recently patched a critical pre-authentication Remote Code Execution (RCE) vulnerability in the J-Web configuration interface across all versions of Junos OS on SRX firewalls and EX switches. Unauthenticated actors could exploit this vulnerability to gain root access or initiate Denial of Service (DoS) attacks on devices that have not been patched. Ensure your systems are updated promptly to mitigate this risk. Check for exposed J-Web configuration interfaces using this Censys Search query: services.software.uniform_resource_identifier: cpe:2.3:a:juniper:jweb:*:*:*:*:*:*:*:*. * As emphasized last year in CISA’s BOD 23-02 guidance, exposed network management interfaces continue to pose a significant risk. Restrict access to these interfaces from the public internet wherever possible.
#censys#EN#2024#CVE-2024-21591#Juniper#J-Web#OOB#vulnerability#RCE#exposed
·censys.com·
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability