CISA warns of actively exploited Juniper pre-auth RCE exploit chain

November 13, 2023 at 12:29PM

CISA has warned federal agencies to secure Juniper devices on their networks by Friday due to four vulnerabilities that are being actively exploited. Juniper has acknowledged successful exploitation of these vulnerabilities and has urged customers to upgrade immediately. Over 10,000 Juniper devices with vulnerable interfaces have been exposed online. CISA has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog and federal agencies must upgrade their Juniper devices within the next four days. CISA also encourages all organizations to patch these vulnerabilities promptly.

Federal agencies urgently need to secure Juniper devices on their networks against four vulnerabilities that have been actively exploited. CISA has warned that these vulnerabilities pose significant risks, and Juniper has confirmed successful exploitation.

Shadowserver has reported thousands of Juniper devices with exposed J-Web interfaces, with a large number located in South Korea. To mitigate the risk, administrators are strongly urged to upgrade JunOS to the most recent release or restrict Internet access to the J-Web interface.

CISA has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog, making it mandatory for U.S. Federal Civilian Executive Branch Agencies to secure their Juniper devices within the next four days.

While the directive primarily applies to federal agencies, CISA strongly advises all organizations, including private companies, to prioritize patching these vulnerabilities promptly. This is in line with the previous binding operational directive issued by CISA in June, which emphasized enhancing the security of Internet-exposed or misconfigured networking equipment.
