CVE-2024-21591: Critical Junos OS Vulnerability Could lead to Unauthenticated Remote Code Execution

Share :

On 10 January 2024, Juniper Networks released patches to remediate a critical vulnerability (CVE-2024-21591) in Junos SRX and EX series devices. CVE-2024-21591 could allow a threat actor to cause a denial of service (DoS) or achieve unauthenticated remote code execution (RCE) with root privileges. The vulnerability impacts the J-Web component of Junos OS, the operating system running on the devices.

The vulnerability was discovered during external security research. At this time, we have not observed active exploitation or a public proof of concept published for this vulnerability.

CVE-2024-21591 CVSS: 9.8 – Critical Active Exploitation PoC Exploit
Remote Code Execution – An out-of-bounds write vulnerability in the J-Web component of Junos OS caused by the use of an insecure function, allowing a threat actor to overwrite arbitrary memory. No No

Threat actors have historically targeted vulnerabilities in Junos SRX and EX series products, including the four 2023 vulnerabilities that could be chained together to achieve unauthenticated RCE. Due to the potential for unauthenticated remote code execution with root privileges and the historical targeting of Junos OS, Arctic Wolf strongly recommends upgrading to the latest available patches for all impacted devices.

Recommendation: Apply the Latest Fixes Released by Juniper Networks

Arctic Wolf strongly recommends reviewing Juniper Networks’ Knowledge Base article and their customer support website (login required) to access and apply the relevant fixes.

Product Impacted Versions Fixed Version
Junos OS on SRX and EX Series Devices ·       Versions earlier than 20.4R3-S9;

·       Versions earlier than 21.2R3-S7;

·       Versions earlier than 21.3R3-S5;

·       Versions earlier than 21.4R3-S5;

·       Versions earlier than 22.1R3-S4;

·       Versions earlier than 22.2R3-S3;

·       Versions earlier than 22.3R3-S2;

·       Versions earlier than 22.4R2-S2, 22.4R3.

·       20.4R3-S9

·       21.2R3-S7

·       21.3R3-S5

·       21.4R3-S5

·       22.1R3-S4

·       22.2R3-S3

·       22.3R3-S2

·       22.4R2-S2, 22.4R3

·       23.2R1-S1

·       23.2R2

·       23.4R1

Please follow your organisation’s patching and testing guidelines to avoid any operational impact.

Workaround: Disable J-Web Component

If applying the latest fix is not feasible, we strongly recommend applying Juniper Network’s workaround. Juniper Networks’ recommends disabling the J-Web component or limiting access to trusted hosts until the fix can be applied.

References

Steven Campbell

Steven Campbell

Steven Campbell is a Senior Threat Intelligence Researcher at Arctic Wolf Labs and has more than eight years of experience in intelligence analysis and security research. He has a strong background in infrastructure analysis and adversary tradecraft.
Share :
Table of Contents
Categories