Critical RCE can Compromise Juniper Networks Devices


A critical vulnerability recently patched by networking and cybersecurity vendor Juniper Networks could allow an attacker to remotely take over or disrupt affected devices. The flaw, tracked as CVE-2021-0254 and affecting the Junos operating system, was found by Nguyễn Hoàng Thạch, also known as d4rkn3ss, a researcher with Singapore-based cybersecurity firm STAR Labs.

The researcher told SecurityWeek that the vulnerability, which he says is the most serious bug he has ever identified in a Juniper product, was reported to the vendor more than six months ago.

“A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS,” reads the security advisory published by the company. “The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution.”
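To make the bug class concrete, the following is an added illustration (not Juniper's overlayd source, which is not public) of a UDP/4789 handler that trusts a length field from the packet, beside a hardened version that bounds it. The 8-byte VXLAN header follows RFC 7348; the "OAM record" after it (one length byte followed by the payload), the 64-byte destination buffer, and all function names are assumptions made for the demo.

```c
/* Added example: improper buffer size validation in a VXLAN/OAM handler,
 * vulnerable and hardened side by side. Not Juniper's code; the record
 * layout after the VXLAN header is invented for the demo.
 * Build: cc -std=c99 -Wall vxlan_oam_demo.c && ./a.out */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define VXLAN_HDR_LEN 8
#define VXLAN_FLAG_I  0x08   /* "I" bit: the VNI field is valid (RFC 7348) */
#define OAM_BUF_LEN   64     /* fixed-size destination buffer (assumed) */

struct oam_ctx {
    uint32_t vni;
    uint8_t  payload[OAM_BUF_LEN];
    size_t   payload_len;
};

/* VXLAN header: 1 flags byte, 3 reserved, 3-byte VNI, 1 reserved. */
static int parse_vxlan(const uint8_t *pkt, size_t len, uint32_t *vni)
{
    if (len < VXLAN_HDR_LEN || !(pkt[0] & VXLAN_FLAG_I))
        return -1;
    *vni = ((uint32_t)pkt[4] << 16) | ((uint32_t)pkt[5] << 8) | pkt[6];
    return 0;
}

/* Length the vulnerable handler would memcpy: read straight from the
 * packet and never compared with the buffer size or the bytes received. */
size_t vulnerable_copy_len(const uint8_t *pkt, size_t len)
{
    if (len < VXLAN_HDR_LEN + 1)
        return 0;
    return pkt[VXLAN_HDR_LEN];            /* attacker-controlled, 0..255 */
}

/* VULNERABLE: a claim above 64 overruns ctx->payload; a claim above the
 * datagram length over-reads it. Shown for the pattern; call with benign
 * input only. */
int handle_oam_vulnerable(const uint8_t *pkt, size_t len, struct oam_ctx *ctx)
{
    if (parse_vxlan(pkt, len, &ctx->vni) < 0 || len < VXLAN_HDR_LEN + 1)
        return -1;
    size_t plen = vulnerable_copy_len(pkt, len);
    memcpy(ctx->payload, pkt + VXLAN_HDR_LEN + 1, plen);   /* BUG: plen unbounded */
    ctx->payload_len = plen;
    return 0;
}

/* HARDENED: the claimed length must fit both the datagram and the buffer. */
int handle_oam_hardened(const uint8_t *pkt, size_t len, struct oam_ctx *ctx)
{
    if (parse_vxlan(pkt, len, &ctx->vni) < 0 || len < VXLAN_HDR_LEN + 1)
        return -1;
    size_t plen  = pkt[VXLAN_HDR_LEN];
    size_t avail = len - VXLAN_HDR_LEN - 1;
    if (plen > avail)
        return -2;                        /* claims bytes that never arrived: over-read */
    if (plen > sizeof ctx->payload)
        return -3;                        /* would not fit: the overflow the advisory describes */
    memcpy(ctx->payload, pkt + VXLAN_HDR_LEN + 1, plen);
    ctx->payload_len = plen;
    return 0;
}

/* Constructed datagram: VXLAN header for `vni`, then a record that claims
 * `claimed` payload bytes while only `present` bytes are actually appended. */
size_t build_oam_packet(uint8_t *out, size_t cap, uint32_t vni,
                        uint8_t claimed, size_t present)
{
    size_t total = VXLAN_HDR_LEN + 1 + present;
    if (cap < total)
        return 0;
    memset(out, 0, total);
    out[0] = VXLAN_FLAG_I;
    out[4] = (uint8_t)(vni >> 16);
    out[5] = (uint8_t)(vni >> 8);
    out[6] = (uint8_t)vni;
    out[VXLAN_HDR_LEN] = claimed;
    memset(out + VXLAN_HDR_LEN + 1, 0x41, present);
    return total;
}

/* Three constructed scenarios: 0 benign (16 claimed, 16 present),
 * 1 overflow (200 claimed, 200 present), 2 over-read (200 claimed, 10 present). */
static size_t scenario_packet(int scenario, uint8_t *pkt, size_t cap)
{
    switch (scenario) {
    case 0:  return build_oam_packet(pkt, cap, 0x1234, 16, 16);
    case 1:  return build_oam_packet(pkt, cap, 0x1234, 200, 200);
    default: return build_oam_packet(pkt, cap, 0x1234, 200, 10);
    }
}

/* Result of the hardened handler for a scenario (0 accepted, <0 rejected). */
int hardened_result(int scenario)
{
    uint8_t pkt[300];
    struct oam_ctx ctx;
    size_t n = scenario_packet(scenario, pkt, sizeof pkt);
    return handle_oam_hardened(pkt, n, &ctx);
}

/* Copy length the vulnerable handler would have used for the same scenario. */
size_t vulnerable_len_for(int scenario)
{
    uint8_t pkt[300];
    size_t n = scenario_packet(scenario, pkt, sizeof pkt);
    return vulnerable_copy_len(pkt, n);
}

int main(void)
{
    for (int s = 0; s < 3; s++)
        printf("scenario %d: vulnerable path would copy %zu bytes into a %d-byte buffer, hardened returns %d\n",
               s, vulnerable_len_for(s), OAM_BUF_LEN, hardened_result(s));
    return 0;
}
```

The two checks in the hardened handler map onto the two failure modes in the advisory: rejecting a length larger than the datagram prevents the over-read that would typically crash the daemon (the partial DoS), and rejecting a length larger than the destination buffer prevents the write past its end that makes code execution possible. Because the real service runs as root, the bound check is the difference between a crashed process and a fully compromised device.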

According to Nguyễn, an attacker who successfully exploits this vulnerability can gain root access to the targeted system and then install a backdoor or configure the device “in any way they want.” The flaw can be exploited on its own; an attacker would not need to chain it with other vulnerabilities.

Attacks from the internet are possible in theory, but the vulnerable devices are normally not exposed to the internet. The researcher believes that if such a system can be reached from the internet, it is likely misconfigured. In practice, the question for operators is whether UDP port 4789 on the device is reachable from any network that should not be sending it VXLAN traffic.

The company noted that the overlayd daemon runs by default on MX and ACX series routers and QFX series switches. Other platforms are vulnerable if a Virtual Extensible LAN (VXLAN) overlay network is configured. Juniper said it was not aware of any malicious attacks exploiting this vulnerability, but noted that an attack can be launched against default configurations.