Juniper Networks has issued updates to address a critical remote code execution (RCE) vulnerability found in its SRX Series firewalls and EX Series switches. Rated 9.8 on the CVSS scoring system and tracked as CVE-2024-21591, this vulnerability could allow an unauthenticated, network-based attacker to execute remote code or cause a Denial-of-Service (DoS) situation, potentially gaining root privileges on the affected device. The vulnerability stems from an out-of-bounds write issue in J-Web of Juniper Networks Junos OS SRX Series and EX Series.
The vulnerability arises from the use of an insecure function, which lets an attacker overwrite arbitrary memory. Affected are Junos OS releases earlier than the fixed versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, and 23.4R1; those releases and later contain the fix.
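To turn that list of fixed releases into a check an operator can run against a device's `show version` output, the following is an added Python example; it is not code from the article or from Juniper. It assumes the usual reading of such a list: a release is affected when it sits on one of the listed trains (major.minor) and sorts below that train's earliest fix, or on a train older than 20.4; a train the list does not cover is reported as unknown rather than guessed, and trains newer than 23.4 are assumed (an assumption, not something the article states) to ship with the fix. The `show version` text is constructed for the example.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed releases for CVE-2024-21591 as listed in the article; every release on
# the same train (major.minor) that sorts below its train's lowest fix is affected.
FIXED_RELEASES = [
    "20.4R3-S9", "21.2R3-S7", "21.3R3-S5", "21.4R3-S5", "22.1R3-S4",
    "22.2R3-S3", "22.3R3-S2", "22.4R2-S2", "22.4R3", "23.2R1-S1",
    "23.2R2", "23.4R1",
]

Version = Tuple[int, int, int, int]  # (major, minor, R release, S service release)

# Accepts forms such as 21.4R3, 21.4R3-S5 and 21.4R3-S4.9 (trailing build id ignored).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos_version(text: str) -> Version:
    """Turn a Junos release string into a tuple that sorts in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    major, minor, release, service = m.groups()
    # A release without -S (e.g. 22.4R3) sorts below 22.4R3-S1 of the same R.
    return int(major), int(minor), int(release), int(service or 0)


def lowest_fix_per_train() -> Dict[Tuple[int, int], Version]:
    """Map each release train (major, minor) to its earliest fixed release."""
    fixes: Dict[Tuple[int, int], Version] = {}
    for release in FIXED_RELEASES:
        parsed = parse_junos_version(release)
        train = parsed[:2]
        if train not in fixes or parsed < fixes[train]:
            fixes[train] = parsed
    return fixes


def is_affected(version: str) -> Optional[bool]:
    """True if the release is below its train's fix, False if at or above it.

    Returns None for a train that is neither listed nor clearly older or newer
    than the listed ones, so the caller consults the advisory instead of
    trusting a guess.
    """
    parsed = parse_junos_version(version)
    fixes = lowest_fix_per_train()
    train = parsed[:2]
    if train in fixes:
        return parsed < fixes[train]
    if train < min(fixes):
        return True   # the article lists all releases before 20.4R3-S9 as affected
    if train > max(fixes):
        return False  # assumption: trains newer than 23.4 ship with the fix
    return None


def version_from_show_version(output: str) -> str:
    """Pull the release string out of 'show version' output (the 'Junos: ...' line)."""
    m = re.search(r"^Junos:\s*(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no 'Junos:' line found in show version output")
    return m.group(1)


# Constructed sample of 'show version' output; not captured from a real device.
SAMPLE_SHOW_VERSION = """\
Hostname: srx-edge-1
Model: srx345
Junos: 21.4R3-S4.9
"""

if __name__ == "__main__":
    running = version_from_show_version(SAMPLE_SHOW_VERSION)
    state = {True: "AFFECTED", False: "fixed", None: "unlisted train, check advisory"}
    print(f"{running}: {state[is_affected(running)]}")
```

Feeding the script real `show version` output from each SRX or EX device (for example, collected over SSH by an inventory job) gives a quick triage list; anything reported as `None` is a train the article's list does not name and should be checked against Juniper's advisory directly.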
As an interim measure until the patches are applied, Juniper Networks advises users either to disable J-Web or to limit access to it to trusted hosts only.
Additionally, Juniper Networks has addressed a high-severity bug in Junos OS and Junos OS Evolved, identified as CVE-2024-21611 with a CVSS score of 7.5. This vulnerability, exploitable by an unauthenticated, network-based attacker, could lead to a DoS scenario.
Although there is no evidence of active exploitation in the wild, several vulnerabilities in Juniper Networks' SRX firewalls and EX switches were exploited by threat actors in the previous year. Data from Censys, an attack surface management firm, indicates that as of January 11, 2024, more than 11,500 J-Web interfaces are accessible online, with a significant number located in South Korea, the U.S., Hong Kong, China, and India.