Juniper Networks Addresses Critical Vulnerabilities in SRX Firewalls and EX Switches (CVE-2024-21591)

Introduction:

In recent updates, Juniper Networks has taken significant steps to address critical vulnerabilities in its SRX Series firewalls and EX Series switches. The most noteworthy of these is the remote code execution (RCE) flaw, CVE-2024-21591, with a CVSS score of 9.8. This vulnerability poses a serious threat, allowing unauthenticated attackers to exploit the J-Web configuration interfaces and potentially execute remote code or initiate a Denial-of-Service (DoS) attack.

Impact:

The vulnerability allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the targeted device. The issue arises from an out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series. As a temporary solution until the fixes are deployed, Juniper Networks recommends users disable J-Web or restrict access to only trusted hosts.

Affected Versions:

The flaw affects the following Junos OS versions:

  • Junos OS versions earlier than 20.4R3-S9

  • Junos OS 21.2 versions earlier than 21.2R3-S7

  • Junos OS 21.3 versions earlier than 21.3R3-S5

  • Junos OS 21.4 versions earlier than 21.4R3-S5

  • Junos OS 22.1 versions earlier than 22.1R3-S4

  • Junos OS 22.2 versions earlier than 22.2R3-S3

  • Junos OS 22.3 versions earlier than 22.3R3-S2, and

  • Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3

The list of fixed versions includes:

  • 20.4R3-S9

  • 21.2R3-S7

  • 21.3R3-S5

  • 21.4R3-S5

  • 22.1R3-S4

  • 22.2R3-S3

  • 22.3R3-S2

  • 22.4R2-S2

  • 22.4R3

  • 23.2R1-S1

  • 23.2R2

  • 23.4R1, and later
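
The fixed-release list above can be turned into a fleet check. The following Python is an added example, not code from Juniper or from the original page. It assumes that a later R release in the same train carries the fix, that -S numbers compare only within the same R release, and that a train with no fixed release listed counts as unfixed; the inventory is constructed sample data.

```python
import re

# Fixed releases as listed on this page, keyed by release train (major, minor).
# Each entry is (R number, S number); S is 0 when there is no -S suffix.
FIXED = {
    (20, 4): [(3, 9)], (21, 2): [(3, 7)], (21, 3): [(3, 5)],
    (21, 4): [(3, 5)], (22, 1): [(3, 4)], (22, 2): [(3, 3)],
    (22, 3): [(3, 2)], (22, 4): [(2, 2), (3, 0)],
    (23, 2): [(1, 1), (2, 0)], (23, 4): [(1, 0)],
}
NEWEST_TRAIN = max(FIXED)

# Matches e.g. 21.2R3-S7 or 21.2R3-S7.4 (trailing build number is ignored).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Split a Junos version string into (train, (R, S))."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unsupported Junos version format: {version!r}")
    major, minor, r, s = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (r, s)

def has_fix(version):
    """True if the version is at or above a fixed release listed on the page."""
    train, (r, s) = parse(version)
    if train > NEWEST_TRAIN:
        return True            # "23.4R1, and later"
    fixes = FIXED.get(train)
    if fixes is None:
        return False           # assumption: unlisted train has no fixed release
    if any(r == fr and s >= fs for fr, fs in fixes):
        return True            # same R release, service release new enough
    return r > max(fr for fr, _ in fixes)   # assumption: later R carries the fix

def needs_upgrade(inventory):
    """Return hostnames whose reported version lacks the fix, sorted."""
    return sorted(h for h, v in inventory.items() if not has_fix(v))

# Constructed inventory (hostnames and versions are sample data).
INVENTORY = {
    "srx-edge-01": "21.2R3-S6",
    "srx-edge-02": "22.4R2-S2",
    "ex-core-01": "22.4R2-S1",
    "ex-core-02": "23.4R1",
    "ex-lab-01": "20.2R3-S9",
}

if __name__ == "__main__":
    for host in needs_upgrade(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is below the fixed releases")
```

The check covers the version only; whether J-Web is enabled or restricted on a given device has to be confirmed from its configuration.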

Mitigation and Recommendations:

Apply Security Updates:

Admins are strongly advised to immediately apply the security updates provided by Juniper Networks. Alternatively, upgrading Junos OS to the latest release is recommended.

Disable J-Web Interface:

If applying updates is not immediately possible, disabling the J-Web interface is a recommended workaround to eliminate the attack vector.

Restrict Access:

Another temporary workaround is to restrict J-Web access to only trusted network hosts until patches are deployed.
