Juniper Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution (CVE-2024-21591)

Advisory No: TZCERT/SA/2024/01/15

Date of First Release: 15th January 2024

Source: Juniper

Software Affected: All versions of Junos OS on SRX Series and EX Series.

Overview:

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. Successful exploitation of the vulnerability could result in an attacker taking control of the affected system.

Description:

The vulnerability is an out-of-bounds write in J-Web of Juniper Networks Junos OS on SRX Series and EX Series. It allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the device.

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to cause Denial of Service (DoS) or take control of the affected system.

Solution:

Juniper has released software updates that resolve this issue in the following Junos OS releases: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases. Users and administrators are encouraged to apply the necessary updates.
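
To triage an inventory against the fixed releases listed above, the following added example (not code from Juniper or TZCERT) classifies a Junos OS version string. The function names, status labels and sample hostnames are hypothetical; it assumes that within a release train any release at or after the lowest listed fix contains it, and that trains newer than 23.4 count as "subsequent releases".

```python
import re

# Fixed releases, copied from the Solution paragraph of this advisory.
FIXED = ["20.4R3-S9", "21.2R3-S7", "21.3R3-S5", "21.4R3-S5", "22.1R3-S4",
         "22.2R3-S3", "22.3R3-S2", "22.4R2-S2", "22.4R3", "23.2R1-S1",
         "23.2R2", "23.4R1"]

# Standard release names only: <major>.<minor>R<n>[-S<n>][.<build>]
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Return ((major, minor), (R, S)), or None if the name is not standard."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    major, minor, rel, svc = (int(g or 0) for g in m.groups())
    return (major, minor), (rel, svc)


# Lowest listed fix per release train, e.g. (22, 4) -> (2, 2).
LOWEST_FIX = {}
for _name in FIXED:
    _train, _level = parse(_name)
    LOWEST_FIX[_train] = min(_level, LOWEST_FIX.get(_train, _level))


def check(version):
    """Classify a Junos version string against the advisory's fixed list."""
    parsed = parse(version)
    if parsed is None:
        return "unrecognised"  # X-train, Evolved or malformed: check by hand
    train, level = parsed
    if train in LOWEST_FIX:
        # Assumption: service releases are cumulative, so anything at or
        # after the lowest listed fix in the same train carries the fix.
        return "fixed" if level >= LOWEST_FIX[train] else "needs-update"
    if train > max(LOWEST_FIX):
        return "fixed"  # assumption: later trains are "subsequent releases"
    return "no-fix-listed"  # train absent from the advisory's list


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"fw-edge-01": "21.4R3-S4", "sw-core-02": "22.4R3",
              "fw-branch-03": "19.4R3-S12", "fw-lab-04": "12.3X48-D105"}
    for host, ver in sample.items():
        print(f"{host:14} {ver:14} {check(ver)}")
```

Devices reported as "no-fix-listed" or "unrecognised" need a manual check against the vendor bulletin in the References.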

References:

  1. https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US
