Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all

About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw that can allow an unauthenticated attacker to remotely execute code on the devices, according to threat intelligence platform provider VulnCheck. Juniper revealed and addressed five flaws, which affect all versions of Junos OS on SRX …

  1. Missing Semicolon Silver badge

    PHP

    There's your vulnerability right there!

  2. sitta_europea Silver badge

    Ninja'd!

  3. IGotOut Silver badge

    Bloody M$

    and their Swiss cheese security.

    If they had been running an open source based OS this would NEVER happen.

    /sarcasmoff

  4. Anonymous Coward

    Shall we talk about why anyone would choose to even put the http(s) management interface available on the internet in the first place?

    1. MrReynolds2U

      Exactly, but a lot of cloud-controlled or centrally-controlled firewalls use this method.

      So when your new firewall turns up with "manage from the cloud," just say no!

      Alternatively, set up IP restriction (because you can - it's a firewall) if you absolutely need to be able to access the HTTPS interface remotely.

  5. Anonymous Coward

    Yes and no. If we're talking about Juniper MIST, it's the firewall itself that phones home to the mothership, not the other way around. So in that case, there's still no reason to have this open to the world.

    I've long maintained that many of these RCE vulns, whilst serious and should be fixed, can be mitigated by default with a bit of good management plane planning and security.
