1 min read News

Security researchers found several critical vulnerabilities in the J-Web web interface, which is used in Juniper network devices with the JunOS operating system.

Security researchers found several critical vulnerabilities in the J-Web web interface, which is used in Juniper network devices with the JunOS operating system.
Photo by Christopher Gower / Unsplash

The most dangerous one with CVE-2022-22241 identifier allows to remotely execute its code in the system without authentication by sending specially crafted HTTP request.

The vulnerability lies in the fact that the file path passed by the user is processed in the /jsdm/ajax/logging_browse.php script without filtering the prefix with the content type at the stage before the authentication check.

This allows a hacker to pass a malicious phar file disguised as an image and achieve execution of the phar hosted PHP code via a "phar deserialization" attack (by specifying "filepath=phar:/path/pharfile.jpg" in the request).

You might also like...

Sep
20
"Eternal" Nuclear Battery Outperforms by 8,000 Times: A Deep Dive into Its Structure and Functionality

"Eternal" Nuclear Battery Outperforms by 8,000 Times: A Deep Dive into Its Structure and Functionality

In a groundbreaking innovation, scientists have developed a nuclear battery that is 8,000 times more efficient than conventional alternatives.
5 min read
Sep
17
Amazon Employees Required to Return to Offices Starting January 2025: Key Exceptions and Impact on Workforce Productivity

Amazon Employees Required to Return to Offices Starting January 2025: Key Exceptions and Impact on Workforce Productivity

Amazon has announced a significant change in its work policy, requiring employees to return to the office for five days
5 min read
Sep
13
Flappy Bird is Making a Comeback: Iconic Game Returns to iOS and Android After a Decade

Flappy Bird is Making a Comeback: Iconic Game Returns to iOS and Android After a Decade

In a surprising twist that will thrill fans worldwide, the iconic mobile game Flappy Bird is set to make its
5 min read
Sep
11
The iPhone 16’s New Button is Coming to Android Smartphones

The iPhone 16’s New Button is Coming to Android Smartphones

Apple has once again set a new trend with the introduction of a dedicated camera control button on the iPhone
4 min read
Sep
03
Flexibility in Design: The Potential of Flexible Glass Displays to Replace MacBook Pro Keyboards

Flexibility in Design: The Potential of Flexible Glass Displays to Replace MacBook Pro Keyboards

Keyboards, by their very nature, are susceptible to external elements such as dust, crumbs, and liquids that can obstruct their
4 min read
GrowthNowGeek © 2024