Juniper Networks has effectively addressed a significant remote code execution (RCE) vulnerability that impacted its SRX Series Firewalls and EX Series Switches.
This vulnerability, known as CVE-2024-21591, was specifically discovered in the J-Web service of Junos OS on SRX firewalls and EX switches. With a CVSS score of 9.8, indicating its severity, this vulnerability posed potential risks ranging from unauthorized access to potential denial-of-service (DoS) attacks. By exploiting this flaw, attackers could execute arbitrary code by overwriting critical memory.
The impacted versions include Junos OS versions prior to 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, and 22.4R3.
- Junos OS versions earlier than 20.4R3-S9
- Junos OS 21.2 versions earlier than 21.2R3-S7
- Junos OS 21.3 versions earlier than 21.3R3-S5
- Junos OS 21.4 versions earlier than 21.4R3-S5
- Junos OS 22.1 versions earlier than 22.1R3-S4
- Junos OS 22.2 versions earlier than 22.2R3-S3
- Junos OS 22.3 versions earlier than 22.3R3-S2, and
- Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3
In response to this security risk, Juniper Networks promptly released patches in versions 20.4R3-S9 and above, 21.2R3-S7 and above, 21.3R3-S5 and above, 21.4R3-S5 and above, as well as subsequent releases.
To further enhance security measures while awaiting patch deployment, Juniper Networks recommends temporary measures such as disabling J-Web services or limiting access exclusively to trusted hosts. These proactive steps aim to minimize the potential attack surface and provide an additional layer of protection.
The swift identification and resolution of this critical RCE vulnerability highlight Juniper Networks’ dedication to strengthening the security of its products. Users and administrators are strongly encouraged to actively participate in maintaining a secure network environment by promptly applying patches and implementing recommended mitigation measures. As cyber threats continue to evolve, maintaining vigilance and taking proactive measures remain crucial in safeguarding critical network infrastructure and sensitive data.
Very helpful, thank you!
Praesent vehicula nunc eget ex aliquet rutrum. Maecenas porttitor, turpis nec dignissim faucibus, nibh est fermentum mauris, eu maximus ante tellus ut massa. Integer non pharetra ex, in tincidunt ex. Sed quis felis non tortor rhoncus porta vel ut lorem. Fusce finibus ante nec nulla eleifend accumsan.