January 29, 2024
Severity
High
Analysis Summary
CVE-2024-21619 CVSS:5.3
Juniper Networks Junos OS could allow a remote attacker to obtain sensitive information, caused by missing authentication for a critical function. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain device configuration information and use it to launch further attacks against the affected system.
CVE-2024-21620 CVSS:8.8
Juniper Networks Junos OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Cross-Site Scripting
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-21619
- CVE-2024-21620
Affected Vendors
Juniper
Affected Products
- Juniper Networks Junos OS 21.2
- Juniper Networks Junos OS 21.3
- Juniper Networks Junos OS 21.4
- Juniper Networks Junos OS 22.1
- Juniper Networks Junos OS 22.3
- Juniper Networks Junos OS 22.2
- Juniper Networks Junos OS 22.4
- Juniper Networks Junos OS 23.2
- Juniper Networks Junos OS 23.4
Remediation
Refer to the Juniper Networks Security Advisory for patch, upgrade, or suggested workaround information.