Juniper Networks fixed a critical RCE in its firewalls and switches


Juniper Networks fixed a critical RCE bug in its firewalls and switches

Pierluigi Paganini
Juniper Networks fixed a critical RCE in its firewalls and switches January 12, 2024

Juniper Networks fixed a critical RCE in its firewalls and switches

Juniper Networks fixed a critical pre-auth remote code execution (RCE) flaw, tracked as CVE-2024-21591, in its SRX Series firewalls and EX Series switches.

Juniper Networks released security updates to address a critical pre-auth remote code execution (RCE) vulnerability, tracked as CVE-2024-21591, that resides in SRX Series firewalls and EX Series switches.

The vulnerability resides in the devices’ J-Web configuration interfaces, an unauthenticated attacker can exploit the vulnerability to get root privileges or launch denial-of-service (DoS) attacks against unpatched devices.

“An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.” reads the advisory published by the vendor.

“This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.”

This vulnerability affects Juniper Networks Junos OS SRX Series and EX Series:

  • Junos OS versions earlier than 20.4R3-S9;
  • Junos OS 21.2 versions earlier than 21.2R3-S7;
  • Junos OS 21.3 versions earlier than 21.3R3-S5;
  • Junos OS 21.4 versions earlier than 21.4R3-S5;
  • Junos OS 22.1 versions earlier than 22.1R3-S4;
  • Junos OS 22.2 versions earlier than 22.2R3-S3;
  • Junos OS 22.3 versions earlier than 22.3R3-S2;
  • Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

Juniper SIRT is not aware of any attacks exploiting this vulnerability in the wild.

The vendor released the following software versions to address the issue:

Junos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.

The advisory also includes a workaround, the company recommends disabling J-Web, or limiting access to only trusted hosts.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Juniper)







Source link