Juniper patches security flaws which could have let hackers take over your router
Date:
Fri, 14 Mar 2025 16:20:00 +0000
Description:
Researchers saw six distinct backdoor samples being used in this campaign.
FULL STORY ======================================================================
- Juniper Networks has patched a vulnerability in its routers
- The flaw was being abused by Chinese threat actors
- Multiple devices were vulnerable

Juniper Networks has released a patch for a vulnerability that was being exploited in the wild to attack some of its router brands.
According to the company's security advisory, the bug is an improper isolation, or compartmentalization, weakness, and it's tracked as CVE-2025-21590. It was given a severity score of 6.7 (medium).
The bug has been used by Chinese hackers, who have been exploiting it since 2024 to backdoor vulnerable Juniper routers that reached end-of-life, a recent Mandiant security report revealed.

Chinese hackers

"In mid 2024, Mandiant discovered threat actors deployed custom backdoors operating on Juniper Networks' Junos OS routers," the cybersecurity company explained. "Mandiant attributed these backdoors to the China-nexus espionage group, UNC3886. Mandiant uncovered several TINYSHELL based backdoors operating on Juniper Networks' Junos OS routers."
UNC3886 was observed in the past targeting defense, technology, and telecommunications organizations with sophisticated malware, deployed through zero-day vulnerabilities.
The vulnerability affects at least these models: NFX-Series, Virtual SRX, SRX-Series Branch, SRX-Series HE, EX-Series, QFX-Series, ACX, and MX-Series. However, Juniper Networks said that it is still investigating the vulnerability and that the full list could be different.
The bug can be exploited to allow local attackers with high privileges to run arbitrary code on the routers, and thus compromise them.
"At least one instance of malicious exploitation (not at Amazon) has been reported to the Juniper SIRT," Juniper said in its advisory. "Customers are encouraged to upgrade to a fixed release as soon as it's available and in the meantime take steps to mitigate this vulnerability."
The issue was resolved in 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.
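A version check built from the fixed-release list above, as an added example that is not from the article or from Juniper's advisory. The version-string format, the function names and the sample inventory are assumptions; release trains the article does not list are reported as unknown rather than guessed.

```python
import re

# Fixed releases exactly as listed in the article, keyed by release train.
# Value is the minimum (R number, S number) that carries the fix.
FIXED = {
    (21, 4): (3, 10),
    (22, 2): (3, 6),
    (22, 4): (3, 6),
    (23, 2): (2, 3),
    (24, 2): (1, 2),  # 24.2R2 is listed too; it sorts after 24.2R1-S2
    (24, 4): (1, 0),
}

# Assumed format: <train>R<n>[-S<n>][.<spin>][-EVO], e.g. 21.4R3-S9.2
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(?:-EVO)?$")

def parse_junos(version):
    """Split a version string into (train, (release, service_release))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0))

def patch_status(version):
    """Return 'fixed', 'upgrade' or 'unknown' for one version string."""
    train, build = parse_junos(version)
    if train in FIXED:
        # Integer comparison, so S10 correctly sorts after S9.
        return "fixed" if build >= FIXED[train] else "upgrade"
    if train > max(FIXED):
        return "fixed"  # later than 24.4R1: "all subsequent releases"
    return "unknown"  # train not in the article's list; check the advisory

def triage(inventory):
    """Map each host to its status; unparseable versions are flagged."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = patch_status(version)
        except ValueError:
            result[host] = "unparsed"
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"edge-1": "21.4R3-S9.2", "edge-2": "24.2R2", "core-1": "23.4R1-S2"}
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as "unknown" or "unparsed" need a manual check against Juniper's advisory, since the article's list may not cover every train.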
At the same time, CISA added the bug to its Known Exploited Vulnerabilities catalog (KEV), confirming reports of in-the-wild abuse, and giving Federal Civilian Executive Branch (FCEB) agencies three weeks to apply the patch, or stop using vulnerable solutions.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/juniper-patches-security-flaws-which-could-have-let-hackers-take-over-your-router
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)