overview
Juniper Networks has patched a critical pre-authentication Remote Code Execution (RCE) vulnerability (CVE-2024-21591), affecting Junos OS on SRX firewalls and EX switches. The vulnerability has a CVSS score of 9.8 and is an out-of-bound flaw that allows unauthenticated, network-based attackers to execute a denial-of-service (DoS) attack, RCE attack, or gain root privileges on exposed devices.
CVE-2024-21591 stems from the use of an insecure function, which allows an attacker to overwrite arbitrary memory. The vulnerability impacts the following Junos OS versions earlier than:
Juniper Networks has released patches for the affected Junos OS versions. Admins are strongly advised to promptly update their instances to versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, or later.
Currently, there are over 10,000 exposed J-Web interfaces online, mainly in Asia (South Korea, Hong Kong, China) and the U.S. These interfaces are commonly found on standard HTTP ports: 443, 8080, and 80. So far, Juniper is unaware of attackers exploiting CVE-2024-21591. Juniper and Avertium highly recommend that you patch as soon as possible. If you cannot immediately patch, Juniper recommends disabling the J-Web interface or restricting access to trusted hosts.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2024-21591. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION