SRX

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

JSA72300 JunOS J-Web RCE Vulnerability mitigation and Dialup VPN users

  • 1.  JSA72300 JunOS J-Web RCE Vulnerability mitigation and Dialup VPN users

    Posted 09-22-2023 02:28


    The web article here: https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US

    Says the only mitigation for now is disable the web interface (from public view)

    But for users of PulseSecure -- it would seem https still needs to be open on the internet facing zone interface. 

    Am I understanding this correctly OR can web-management be excluded  from public view while Dialup/Dynamic VPN users can still connect to the firewall to access protected resources?

    Thanks, 

     -Ben



    ------------------------------
    Ben Kamen
    ------------------------------