On January 10, 2024, Juniper Networks released patches to remediate a critical vulnerability (CVE-2024-21591) in Junos SRX and EX series devices. CVE-2024-21591 could allow a threat actor to cause a denial of service (DoS) or achieve unauthenticated remote code execution (RCE) with root privileges. The vulnerability impacts the J-Web component of Junos OS, the operating system running on the devices.
The vulnerability was discovered during external security research. At this time, we have not observed active exploitation or a public proof of concept published for this vulnerability.
CVSS: 9.8 – Critical
Remote Code Execution – An out-of-bounds write vulnerability in the J-Web component of Junos OS, caused by the use of an insecure function, allowing a threat actor to overwrite arbitrary memory.
Threat actors have historically targeted vulnerabilities in Junos SRX and EX series products, including the four 2023 vulnerabilities that could be chained together to achieve unauthenticated RCE. Due to the potential for unauthenticated remote code execution with root privileges and the historical targeting of Junos OS, Arctic Wolf strongly recommends upgrading to the latest available patches for all impacted devices.
Recommendation: Apply the Latest Fixes Released by Juniper Networks
Junos OS on SRX and EX Series Devices – affected versions:
· Versions earlier than 20.4R3-S9;
· Versions earlier than 21.2R3-S7;
· Versions earlier than 21.3R3-S5;
· Versions earlier than 21.4R3-S5;
· Versions earlier than 22.1R3-S4;
· Versions earlier than 22.2R3-S3;
· Versions earlier than 22.3R3-S2;
· Versions earlier than 22.4R2-S2, 22.4R3.
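To triage a device inventory against the version list above, the following Python script (an added example, not Juniper Networks’ or Arctic Wolf’s code) parses Junos version strings and compares each against the fixed release for its release train. The per-train fixed releases are taken from this advisory; the version-string pattern, the function names and the sample inventory are this example’s own assumptions, and trains not listed on this page are reported as “unknown” rather than guessed at.

```python
import re
from typing import Optional

# Fixed releases per Junos release train, taken from the affected-version
# list in this advisory ("versions earlier than ..." are affected).
# 22.4R3 is also fixed; the comparison handles it because R3 sorts after R2-S2.
FIXED_RELEASES = {
    "20.4": "20.4R3-S9",
    "21.2": "21.2R3-S7",
    "21.3": "21.3R3-S5",
    "21.4": "21.4R3-S5",
    "22.1": "22.1R3-S4",
    "22.2": "22.2R3-S3",
    "22.3": "22.3R3-S2",
    "22.4": "22.4R2-S2",
}

# Assumed Junos version shape: major.minor, R<release>, optional -S<service
# release>, optional .<build>, e.g. 22.4R2-S2 or 20.4R3-S9.1.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


def parse_version(version: str) -> tuple[int, int, int, int, int]:
    """Turn a Junos version string into a comparable tuple; missing -S/.build count as 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, release, service, build = m.groups()
    return (int(major), int(minor), int(release), int(service or 0), int(build or 0))


def release_train(version: str) -> str:
    """Release train is the major.minor prefix, e.g. '22.4' for 22.4R2-S2."""
    major, minor, *_ = parse_version(version)
    return f"{major}.{minor}"


def is_vulnerable(version: str) -> Optional[bool]:
    """True if this advisory lists the version as affected, False if it is at or
    above the fixed release for its train, None if the train is not on this page
    (treat None as 'consult the vendor advisory', not as safe)."""
    fixed = FIXED_RELEASES.get(release_train(version))
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by patch status; inventory maps hostname -> running version."""
    result: dict[str, list[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        status = is_vulnerable(version)
        key = "unknown" if status is None else ("vulnerable" if status else "fixed")
        result[key].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not real devices.
    sample = {
        "srx-edge-01": "21.4R3-S4",
        "ex-access-07": "22.4R2-S2",
        "ex-access-08": "22.4R3",
        "srx-lab-02": "22.2R3-S3.1",
        "ex-core-01": "23.2R1",
    }
    for status, hosts in triage(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Feed it the `show version` output collected from each device (the "Junos:" line) and treat anything in the "unknown" bucket as needing a manual check against the Juniper advisory, since this page only lists the trains above.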
Please follow your organization’s patching and testing guidelines to avoid any operational impact.
Workaround: Disable J-Web Component
If applying the latest fix is not feasible, we strongly recommend applying Juniper Networks’ workaround: disable the J-Web component, or limit access to it to trusted hosts only, until the fix can be applied.
- Juniper Networks’ Security Advisory: https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US
- AW Labs Blog – Multiple Junos OS Vulnerabilities Could lead to Unauthenticated Remote Code Execution: https://arcticwolf.com/resources/blog/multiple-junos-os-vulnerabilities-could-lead-to-unauthenticated-remote-code-execution/