Flash Notices

Flash Notice: Juniper Networks Addresses Critical RCE Vulnerability (CVE-2024-21591) in SRX Firewalls and EX Switches

Written by Marketing | Jan 17, 2024 8:24:00 PM

overview

Juniper Networks has patched a critical pre-authentication Remote Code Execution (RCE) vulnerability (CVE-2024-21591), affecting Junos OS on SRX firewalls and EX switches. The vulnerability has a CVSS score of 9.8 and is an out-of-bound flaw that allows unauthenticated, network-based attackers to execute a denial-of-service (DoS) attack, RCE attack, or gain root privileges on exposed devices.  

CVE-2024-21591 stems from the use of an insecure function, which allows an attacker to overwrite arbitrary memory. The vulnerability impacts the following Junos OS versions earlier than:  

  • 20.4R3-S9 
  • 21.2R3-S7 
  • 21.3R3-S5 
  • 21.4R3-S5 
  • 22.1R3-S4 
  • 22.2R3-S3 
  • 22.3R3-S2 
  • 22.4R2-S2 
  • 22.4R3 

Juniper Networks has released patches for the affected Junos OS versions. Admins are strongly advised to promptly update their instances to versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, or later.  

Currently, there are over 10,000 exposed J-Web interfaces online, mainly in Asia (South Korea, Hong Kong, China) and the U.S. These interfaces are commonly found on standard HTTP ports: 443, 8080, and 80. So far, Juniper is unaware of attackers exploiting CVE-2024-21591. Juniper and Avertium highly recommend that you patch as soon as possible. If you cannot immediately patch, Juniper recommends disabling the J-Web interface or restricting access to trusted hosts. 

 

 

avertium's recommendationS

For patch guidance, please see Juniper’s advisory. The company is also tracking the issue as PR 1747984, which is only visible on their Customer Support website 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-21591. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 
  • Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
  • We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 




 

SUPPORTING DOCUMENTATION

2024-01 Security Bulletin: Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution (CVE-2024-21591) (juniper.net) 

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches (thehackernews.com) 

CVE-2024-21591 - Juniper J-Web OOB Write vulnerability - Censys 

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) - Help Net Security