On 3/13/25 12:22 PM, Eric Kuhnke via NANOG wrote:
PDF file: https://supportportal.juniper.net/sfc/servlet.shepherd/document/download/069...
From reading this there was no known remote exploit, they needed user level shell access to exploit another local vulnerability which got them root and then installed this exploit. While this isn't great, if someone has unaudited login user level access to your routers, you've already lost. Basic ACL's go a long way to filtering this from outside a logged network too. Security is best when it's a multilayered approach. This said, I've been greeted with a login prompt telnetting to carrier's upstream router in the last 6 months. They seemed outright confused why I cared about it and closed the ticket. 🤦♂️ -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net