Juniper Networks has identified and addressed critical vulnerabilities in its SRX Series firewalls, EX Series switches, Junos OS and Junos OS Evolved, potentially exposing devices to remote code execution (RCE) and denial-of-service (DoS) attacks.
Vulnerability CVE-2024-21591
- Severity: Critical (CVSS score: 9.8)
- Description: An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the device.
- Affected Versions:
- Junos OS versions earlier than 20.4R3-S9
- Junos OS 21.2 versions earlier than 21.2R3-S7
- Junos OS 21.3 versions earlier than 21.3R3-S5
- Junos OS 21.4 versions earlier than 21.4R3-S5
- Junos OS 22.1 versions earlier than 22.1R3-S4
- Junos OS 22.2 versions earlier than 22.2R3-S3
- Junos OS 22.3 versions earlier than 22.3R3-S2
- Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3
- Junos OS 23.2 versions earlier than 23.2R1-S1, 23.2R2
- Fixed Versions:
- 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and later releases.
- Workaround:
- As a temporary measure until the fixed release is deployed, disable J-Web (remove the `system services web-management` configuration stanza), or restrict access to J-Web so that only trusted management hosts can reach it. Disabling J-Web is the stronger option because it removes the vulnerable service entirely rather than limiting who can reach it.
Additional High-Severity Bug CVE-2024-21611
- Severity: High (CVSS score: 7.5)
- Description: Junos OS and Junos OS Evolved are affected by a bug in the routing protocol daemon (rpd) that an unauthenticated, network-based attacker can exploit to cause a Denial-of-Service (DoS). In a jflow (flow sampling) scenario, continuous route churn causes a memory leak in rpd, which eventually crashes and restarts, disrupting routing.
- Affected Versions:
- Junos OS 21.4 versions earlier than 21.4R3.
- Junos OS 22.1 versions earlier than 22.1R3.
- Junos OS 22.2 versions earlier than 22.2R3.
- Junos OS Evolved 21.4-EVO versions earlier than 21.4R3-EVO.
- Junos OS Evolved 22.1-EVO versions earlier than 22.1R3-EVO.
- Junos OS Evolved 22.2-EVO versions earlier than 22.2R3-EVO.
- Fixed Versions:
- Junos OS: 21.4R3, 22.1R3, 22.2R3, 22.3R1, and all subsequent releases.
- Junos OS Evolved: 21.4R3-EVO, 22.1R3-EVO, 22.2R3-EVO, 22.3R1-EVO, and all subsequent releases.
- Workaround:
- There are no known workarounds. Although not a workaround, Juniper advises monitoring memory utilization proactively and, when it reaches 85% of total Routing Engine (RE) memory, restarting rpd or rebooting the system before it crashes on its own.
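The version tables above are easy to misread by hand, especially for trains with two fix points such as 22.4 (22.4R2-S2 and 22.4R3). As an added triage helper, not part of the Juniper advisories or of this summary, the following Python encodes both tables and checks a version string taken from `show version` against them. It assumes the standard `YY.nRm[-Sk][.build][-EVO]` version form (older `X` releases on SRX are rejected rather than guessed at), ignores build numbers because the advisories quote fixes without them, and treats any train the tables do not enumerate as affected when it is older than the newest fixed train; that last rule is a conservative assumption of this example, not a statement from the advisories. The `show version` sample is constructed.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int    # the R number
    service: int    # the -S number, 0 when the release has none
    build: int      # trailing build number as printed by 'show version', 0 when absent
    evo: bool       # True for Junos OS Evolved ("-EVO")


# Standard "YY.nRm[-Sk][.build][-EVO]" form. "X" releases (e.g. 15.1X49-Dnnn on SRX)
# are deliberately rejected: they are not in the tables above and need their own lookup.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?(-EVO)?$")


def parse_version(text: str) -> JunosVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported Junos version string: {text!r}")
    major, minor, release, service, build, evo = m.groups()
    return JunosVersion(int(major), int(minor), int(release),
                        int(service or 0), int(build or 0), evo is not None)


def train(v: JunosVersion) -> Tuple[int, int]:
    return (v.major, v.minor)


def _fixed_in_train(v: JunosVersion, fixes: Dict[Tuple[int, int], List[str]]) -> bool:
    """True when v is at or after any fix point listed for its own train.
    Only (major, minor, R, S) take part; build numbers are ignored."""
    key = v[:4]
    return any(key >= parse_version(f)[:4] for f in fixes.get(train(v), []))


# Fix points per train, copied from the affected/fixed version lists above.
CVE_2024_21591_FIXES = {
    (20, 4): ["20.4R3-S9"], (21, 2): ["21.2R3-S7"], (21, 3): ["21.3R3-S5"],
    (21, 4): ["21.4R3-S5"], (22, 1): ["22.1R3-S4"], (22, 2): ["22.2R3-S3"],
    (22, 3): ["22.3R3-S2"], (22, 4): ["22.4R2-S2", "22.4R3"],
    (23, 2): ["23.2R1-S1", "23.2R2"], (23, 4): ["23.4R1"],
}
CVE_2024_21611_FIXES = {
    (21, 4): ["21.4R3"], (22, 1): ["22.1R3"], (22, 2): ["22.2R3"],
}


def affected_by_cve_2024_21591(version: str, model: Optional[str] = None) -> bool:
    """J-Web out-of-bounds write: Junos OS on SRX Series and EX Series only."""
    if model is not None and not model.lower().startswith(("srx", "ex")):
        return False
    v = parse_version(version)
    if v.evo:
        return False   # the advisory scopes this CVE to Junos OS, not Junos OS Evolved
    t = train(v)
    if t in CVE_2024_21591_FIXES:
        return not _fixed_in_train(v, CVE_2024_21591_FIXES)
    # Assumption of this example (conservative): a train the tables do not enumerate is
    # treated as affected when older than the newest fixed train ("versions earlier than
    # 20.4R3-S9" plus any end-of-life train in between), and as fixed when newer.
    return t < max(CVE_2024_21591_FIXES)


def affected_by_cve_2024_21611(version: str) -> bool:
    """rpd memory leak under route churn in a jflow scenario: the 21.4, 22.1 and 22.2
    trains of both Junos OS and Junos OS Evolved, before their R3 release."""
    v = parse_version(version)
    if train(v) not in CVE_2024_21611_FIXES:
        return False
    return not _fixed_in_train(v, CVE_2024_21611_FIXES)


def version_from_show_version(output: str) -> str:
    """Pull the version string out of 'show version' output (the 'Junos:' line)."""
    for line in output.splitlines():
        if line.strip().startswith("Junos:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no 'Junos:' line in show version output")


def triage(version: str, model: Optional[str] = None) -> Dict[str, bool]:
    return {
        "CVE-2024-21591": affected_by_cve_2024_21591(version, model),
        "CVE-2024-21611": affected_by_cve_2024_21611(version),
    }


# Constructed sample of 'show version' output; hostname and model are made up.
SAMPLE_SHOW_VERSION = """\
Hostname: srx-edge-1
Model: srx345
Junos: 22.4R2-S1.4
JUNOS Software Release [22.4R2-S1.4]
"""

if __name__ == "__main__":
    ver = version_from_show_version(SAMPLE_SHOW_VERSION)
    print(ver, triage(ver, model="srx345"))
```

The sample box runs 22.4R2-S1, which sits below the first 22.4 fix point (22.4R2-S2), so it is reported as affected by CVE-2024-21591 and not by CVE-2024-21611 (the 22.4 train is not listed for that bug). Paste the real `show version` output in place of the sample; if `parse_version` raises on an `X` release, the box is outside these tables and must be checked against the advisory directly.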
Previous Exploitations
- Though there is no evidence of current exploitation of these two bugs, multiple security flaws affecting Juniper's SRX firewalls and EX switches were abused by threat actors in 2023, so the same device classes are known attacker targets.
- CISA issued warnings of a Juniper pre-auth RCE exploit used in the wild, emphasizing the urgency of securing affected devices.
References
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US
- https://censys.com/cve-2024-21591-juniper-j-web-oob-write-vulnerability/
- https://www.bleepingcomputer.com/news/security/juniper-warns-of-critical-rce-bug-in-its-firewalls-and-switches/
- https://securityaffairs.com/157373/security/juniper-networks-rce-cve-2024-21591.html
- https://thehackernews.com/2024/01/critical-rce-vulnerability-uncovered-in.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21591
- https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611?language=en_US
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21611