On 10 January 2024, Juniper Networks released patches to remediate a critical vulnerability (CVE-2024-21591) in Junos SRX and EX series devices. CVE-2024-21591 could allow a threat actor to cause a denial of service (DoS) or achieve unauthenticated remote code execution (RCE) with root privileges. The vulnerability impacts the J-Web component of Junos OS, the operating system running on the devices.
The vulnerability was discovered during external security research. At this time, we have not observed active exploitation or a public proof of concept published for this vulnerability.
| CVE-2024-21591 (CVSS: 9.8 – Critical) | Active Exploitation | PoC Exploit |
| --- | --- | --- |
| Remote Code Execution – An out-of-bounds write vulnerability in the J-Web component of Junos OS caused by the use of an insecure function, allowing a threat actor to overwrite arbitrary memory. | No | No |
Threat actors have historically targeted vulnerabilities in Junos SRX and EX series products, including the four 2023 vulnerabilities that could be chained together to achieve unauthenticated RCE. Due to the potential for unauthenticated remote code execution with root privileges and the historical targeting of Junos OS, Arctic Wolf strongly recommends upgrading to the latest available patches for all impacted devices.
Recommendation: Apply the Latest Fixes Released by Juniper Networks
Arctic Wolf strongly recommends reviewing Juniper Networks’ Knowledge Base article and their customer support website (login required) to access and apply the relevant fixes.
| Product | Impacted Versions | Fixed Versions |
| --- | --- | --- |
| Junos OS on SRX and EX Series Devices | Versions earlier than 20.4R3-S9; versions earlier than 21.2R3-S7; versions earlier than 21.3R3-S5; versions earlier than 21.4R3-S5; versions earlier than 22.1R3-S4; versions earlier than 22.2R3-S3; versions earlier than 22.3R3-S2; versions earlier than 22.4R2-S2, 22.4R3. | 20.4R3-S9; 21.2R3-S7; 21.3R3-S5; 21.4R3-S5; 22.1R3-S4; 22.2R3-S3; 22.3R3-S2; 22.4R2-S2, 22.4R3; 23.2R1-S1; 23.2R2; 23.4R1 |
Please follow your organisation’s patching and testing guidelines to avoid any operational impact.
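To turn the version table above into a fleet triage check, the following Python script is an added example (not Arctic Wolf's or Juniper's own tooling). It parses Junos version strings of the form `major.minorRrelease[-Sservice]`, treats anything older than 20.4R3-S9 as impacted regardless of train, and otherwise compares a device against the earliest fixed version listed for its train; the assumption that a train absent from the table is reported as "unlisted" rather than guessed is the author's, and the inventory at the bottom is constructed sample data.

```python
import re
from typing import Dict, Tuple

# Fixed versions from the advisory table, keyed by release train.
# Assumption: a device is fixed once it reaches the lowest fix in its train.
FIXED: Dict[str, list] = {
    "20.4": ["20.4R3-S9"],
    "21.2": ["21.2R3-S7"],
    "21.3": ["21.3R3-S5"],
    "21.4": ["21.4R3-S5"],
    "22.1": ["22.1R3-S4"],
    "22.2": ["22.2R3-S3"],
    "22.3": ["22.3R3-S2"],
    "22.4": ["22.4R2-S2", "22.4R3"],
    "23.2": ["23.2R1-S1", "23.2R2"],
    "23.4": ["23.4R1"],
}

# major.minor R release [-S service] [.build]; the build suffix is ignored.
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos(version: str) -> Tuple[int, int, int, int]:
    """Turn '21.4R3-S5' into (21, 4, 3, 5); a missing -S part counts as 0."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0))


def assess(version: str) -> str:
    """Return 'impacted', 'fixed' or 'unlisted' for CVE-2024-21591."""
    v = parse_junos(version)
    # Everything older than 20.4R3-S9 is impacted, whatever the train.
    if v < parse_junos("20.4R3-S9"):
        return "impacted"
    fixes = FIXED.get(f"{v[0]}.{v[1]}")
    if fixes is None:
        return "unlisted"  # train not in the table: check Juniper's advisory
    return "fixed" if v >= min(parse_junos(f) for f in fixes) else "impacted"


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    inventory = {"srx-edge-1": "22.4R2-S1", "ex-core-1": "21.4R3-S5.2",
                 "srx-lab-1": "19.4R3-S4", "ex-dist-1": "21.1R3"}
    for host, ver in inventory.items():
        print(f"{host:12} {ver:12} {assess(ver)}")
```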
Workaround: Disable J-Web Component
If applying the latest fix is not feasible, we strongly recommend applying Juniper Networks’ workaround. Juniper Networks recommends disabling the J-Web component or limiting access to trusted hosts until the fix can be applied.