THREAT LEVEL - HIGH

15-01-2024

New Critical RCE Vulnerability in Juniper SRX Firewalls and EX Switches

Threat Level Description

Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.


Description

We have observed that a new critical vulnerability in Juniper Networks' SRX Series firewalls and EX Series switches has been identified.

An unauthenticated, network-based attacker who exploits this vulnerability could achieve remote code execution on affected systems and obtain root privileges on the device.

This vulnerability, tracked as CVE-2024-21591, is an out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series.

The issue is caused by the use of an insecure function that allows an attacker to overwrite arbitrary memory.

The same flaw can also be exploited to cause a Denial of Service (DoS).

CVE(s)

CVE-2024-21591

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series:

  • Junos OS versions earlier than 20.4R3-S9
  • Junos OS 21.2 versions earlier than 21.2R3-S7
  • Junos OS 21.3 versions earlier than 21.3R3-S5
  • Junos OS 21.4 versions earlier than 21.4R3-S5
  • Junos OS 22.1 versions earlier than 22.1R3-S4
  • Junos OS 22.2 versions earlier than 22.2R3-S3
  • Junos OS 22.3 versions earlier than 22.3R3-S2
  • Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3


Affected Systems

  • Junos OS versions earlier than 20.4R3-S9
  • Junos OS 21.2 versions earlier than 21.2R3-S7
  • Junos OS 21.3 versions earlier than 21.3R3-S5
  • Junos OS 21.4 versions earlier than 21.4R3-S5
  • Junos OS 22.1 versions earlier than 22.1R3-S4
  • Junos OS 22.2 versions earlier than 22.2R3-S3
  • Junos OS 22.3 versions earlier than 22.3R3-S2, and
  • Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3
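The list above is easy to misread when checking a fleet by hand: the first entry applies to every release train, the others apply only to their own train, and "22.4R2-S2, 22.4R3" means both are fixed builds. The following Python checker is an added example written for this advisory, not code from Juniper or from the advisory's author. It encodes the thresholds exactly as listed, compares Junos version strings numerically (major, minor, R release, S service release), and reports trains the advisory does not name as "not listed" rather than as safe. It assumes the version grammar <major>.<minor>R<release>[-S<service>][.<build>] and a "Junos: x.yRz" line in "show version" output; the hostnames and outputs in SAMPLE_INVENTORY are constructed, not captured from real devices.

```python
import re
from typing import Dict, Optional, Tuple

# First fixed releases exactly as listed in the advisory for CVE-2024-21591.
# FIRST_FIXED_ANY_TRAIN has no train: every version earlier than 20.4R3-S9 is
# affected regardless of which release train it belongs to.
FIRST_FIXED_ANY_TRAIN = "20.4R3-S9"
FIRST_FIXED_BY_TRAIN: Dict[str, str] = {
    "21.2": "21.2R3-S7",
    "21.3": "21.3R3-S5",
    "21.4": "21.4R3-S5",
    "22.1": "22.1R3-S4",
    "22.2": "22.2R3-S3",
    "22.3": "22.3R3-S2",
    "22.4": "22.4R2-S2",  # 22.4R3 is also fixed; it sorts above 22.4R2-S2
}

# Assumed version grammar: <major>.<minor>R<release>[-S<service>][.<build>],
# e.g. "21.4R3-S4.9" as printed by "show version". Other suffixes (for
# example -D or -X variants) are rejected rather than guessed at.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

VersionKey = Tuple[int, int, int, int]


def parse_version(version: str) -> VersionKey:
    """Turn a Junos version string into a comparable (major, minor, R, S) tuple."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unsupported Junos version string: {version!r}")
    major, minor, release, service = match.groups()
    return (int(major), int(minor), int(release), int(service or 0))


def assess(version: str) -> str:
    """Classify one version against the advisory's affected list.

    Returns "affected", "fixed" or "not listed". "not listed" covers release
    trains the advisory does not name (for example 21.1 or 23.x): treat those
    as unknown, not as safe, and confirm against the vendor advisory.
    """
    key = parse_version(version)
    train = f"{key[0]}.{key[1]}"
    if key < parse_version(FIRST_FIXED_ANY_TRAIN):
        return "affected"
    if train == "20.4":
        return "fixed"  # 20.4R3-S9 or later
    fixed = FIRST_FIXED_BY_TRAIN.get(train)
    if fixed is None:
        return "not listed"
    return "affected" if key < parse_version(fixed) else "fixed"


def version_from_show_version(output: str) -> Optional[str]:
    """Extract the version from "show version" text (assumes a "Junos: ..." line)."""
    match = re.search(r"^Junos:\s*(\S+)", output, re.MULTILINE)
    return match.group(1) if match else None


def assess_fleet(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> verdict for a dict of hostname -> "show version" output."""
    verdicts: Dict[str, str] = {}
    for host, output in inventory.items():
        version = version_from_show_version(output)
        verdicts[host] = "no version found" if version is None else assess(version)
    return verdicts


# Constructed sample outputs (not captured from real devices) to exercise the checker.
SAMPLE_INVENTORY: Dict[str, str] = {
    "srx-edge-01": "Hostname: srx-edge-01\nModel: srx340\nJunos: 21.4R3-S4.9\n",
    "ex-core-01": "Hostname: ex-core-01\nModel: ex4300-48p\nJunos: 22.4R3.1\n",
    "srx-lab-02": "Hostname: srx-lab-02\nModel: srx300\nJunos: 23.2R1.13\n",
}

if __name__ == "__main__":
    for host, verdict in assess_fleet(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

A version verdict is only half the picture: a device on an affected build is exposed through this CVE only where J-Web is enabled and reachable, so pair the output with a check of which devices actually have web-management configured and from where it can be reached.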


Recommendation(s)

You should proceed and apply all relevant security patches provided by the vendor.

As a temporary workaround until the fixes are deployed, administrators should disable J-Web or restrict access to it to trusted hosts only.

You should understand the importance of security updates and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to have an effective patch management process in place, to keep security event logging enabled, and to monitor those events continuously. Protecting the valuable assets of your business and remaining compliant with the relevant industry regulations requires a comprehensive approach to risk management, including Penetration Testing at least annually and upon significant changes.

