Published: Mar 14, 2025 17:15
Advisory No: TZCERT-SA-25-0069
Source: Juniper
Software Affected: Junos OS
Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access.
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS: All versions before 21.2R3-S9, 21.4 versions before 21.4R3-S10, 22.2 versions before 22.2R3-S6, 22.4 versions before 22.4R3-S6, 23.2 versions before 23.2R2-S3, 23.4 versions before 23.4R2-S4, 24.2 versions before 24.2R1-S2, 24.2R2.
A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device.
The following software releases have been updated to resolve this specific issue: 21.2R3-S9*, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4*, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.
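To check a device inventory against the fixed releases listed above, the following added example (not part of the advisory or of any Juniper tooling) parses Junos OS version strings and compares them numerically, so that S9 sorts before S10. The version-string format, the `unlisted` result for trains the advisory does not name, and the sample inventory are assumptions made for the example.

```python
import re

# Fixed release per train, copied from the advisory: (R number, S number).
# A release with no -S suffix counts as S0.
FIXED = {
    (21, 2): (3, 9),
    (21, 4): (3, 10),
    (22, 2): (3, 6),
    (22, 4): (3, 6),
    (23, 2): (2, 3),
    (23, 4): (2, 4),
    (24, 2): (1, 2),  # 24.2R2 is also listed; it sorts above 24.2R1-S2
    (24, 4): (1, 0),
}

# Assumption: versions look like 21.4R3-S10, optionally with a build
# suffix such as ".5" that does not change the comparison.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Split a version string into (train, release) integer tuples."""
    m = _VERSION.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised Junos OS version: {version!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0))


def classify(version):
    """Return 'affected', 'fixed' or 'unlisted' for one version string."""
    train, release = parse(version)
    if train < min(FIXED):
        return "affected"  # "All versions before 21.2R3-S9"
    if train > max(FIXED):
        return "fixed"     # "24.4R1, and all subsequent releases"
    if train not in FIXED:
        return "unlisted"  # the advisory names no fixed release here
    return "fixed" if release >= FIXED[train] else "affected"


# Constructed inventory: hostnames and versions are made up for the example.
INVENTORY = {"edge-a": "21.4R3-S9", "edge-b": "21.4R3-S10",
             "core-a": "24.2R1-S1.4", "core-b": "22.3R1"}

if __name__ == "__main__":
    for host, version in INVENTORY.items():
        print(f"{host:8} {version:14} {classify(version)}")
```

A result of `unlisted` means the train falls between those the advisory names, so the vendor's own bulletin should be consulted for it.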