Juniper Networks has disclosed a critical vulnerability (CVSS 9.8), CVE-2024-21591, in the J-Web interface that allows a remote attacker to execute code on the affected device.

The issue affects Juniper Networks customers running Junos OS on SRX Series and EX Series devices: it is exploitable through J-Web, the graphical interface used to configure those devices.

The root cause is the use of an unsafe function that lets an attacker overwrite arbitrary memory. With the Intruforce service, such vulnerabilities can be identified and remediated before attackers exploit them.

Solution:
The vulnerability has been addressed in the following Junos OS updates:

If you are running a Junos OS version without the fix, disable the J-Web graphical interface and manage the device from the console, or restrict J-Web access so that it is reachable only by trusted users.

Technical Details:
Critical vulnerability
CVSS v3.1 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v4.0 score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

From the company report: “The vulnerability affects all Junos OS SRX Series and EX Series versions and is related to an out-of-bounds write, allowing an unauthenticated attacker to trigger a denial of service (DoS) or remote code execution (RCE), as well as gain root privileges on the device.”

Link to Juniper Support’s description of the vulnerability