
PHP
There's your vulnerability right there!
About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw that can allow an unauthenticated attacker to remotely execute code on the devices, according to threat intelligence platform provider VulnCheck. Juniper revealed and addressed five flaws, which affect all versions of Junos OS on SRX …
Exactly, but a lot of cloud-controlled or centrally-controlled firewalls use this method.
So when your new firewall turns up with "manage from the cloud," just say no!
Alternatively, set up IP restriction (because you can - it's a firewall) if you absolutely need to be able to access the HTTPS interface remotely.
Yes and no. If we're talking about Juniper MIST, it's the firewall itself that phones home to the mothership, not the other way around. So in that case, there's still no reason to have this open to the world.
I've long maintained that many of these RCE vulns, whilst they are serious and should be fixed, can be mitigated by default with a bit of good management plane planning and security.