Juniper Networks has released out-of-band updates to address high-severity vulnerabilities in its SRX Series and EX Series [1] [2] [3] [4] [6]. These vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620 [1] [2] [3] [6], are rooted in the J-Web component and impact all versions of Junos OS [1] [2] [3] [6].
Description
CVE-2024-21619 is a missing authentication vulnerability with a CVSS score of 5.3 [5]. It allows an unauthenticated attacker to access sensitive configuration information [4]. On the other hand, CVE-2024-21620 is a more severe cross-site scripting (XSS) vulnerability with a CVSS score of 8.8 [5]. This vulnerability enables the execution of arbitrary commands [6]. Both vulnerabilities pose a significant risk as they could enable attackers to take control of systems [5]. The issues were discovered and reported by cybersecurity firm watchTowr Labs [1]. Juniper Networks has addressed these vulnerabilities in the latest versions of Junos OS. As temporary mitigations [2] [3] [6], users are advised to disable J-Web or restrict access to trusted hosts [6].
It is worth noting that two other vulnerabilities [6], CVE-2023-36846 and CVE-2023-36851 [1] [3] [6], have been added to the Known Exploited Vulnerabilities catalog [3] [6]. Additionally, Juniper Networks recently fixed a critical vulnerability (CVE-2024-21591) that could enable a denial-of-service or remote code execution [3] [6].
Conclusion
These vulnerabilities in Juniper Networks’ SRX Series and EX Series, specifically in the J-Web component, have the potential to be exploited by attackers. The missing authentication vulnerability (CVE-2024-21619) and the cross-site scripting vulnerability (CVE-2024-21620) can lead to unauthorized access and the execution of arbitrary commands, respectively. Juniper Networks has taken action by releasing updates to address these vulnerabilities. Users are advised to implement the latest versions of Junos OS and consider temporary mitigations such as disabling J-Web or restricting access to trusted hosts. The addition of two other vulnerabilities to the Known Exploited Vulnerabilities catalog highlights the ongoing need for vigilance in maintaining system security. Furthermore, the recent fix for a critical vulnerability (CVE-2024-21591) demonstrates the importance of prompt action to prevent denial-of-service or remote code execution.
References
[1] https://infosecbulletin.com/juniper-networks-releases-urgent-junos-os-updates/
[2] https://owasp.or.id/2024/01/30/juniper-networks-releases-urgent-junos-os-updates-for-high-severity-flaws/
[3] https://vulners.com/thn/THN:34A8E1FCBAE7A7BE675EB948590A1F97
[4] https://securityaffairs.com/158341/security/juniper-networks-flaws-srx-series-ex-series.html
[5] https://www.inferse.com/853766/juniper-networks-rolls-out-crucial-junos-os-patches-for-critical-security-flaws/
[6] https://thehackernews.com/2024/01/juniper-networks-releases-urgent-junos.html
