Juniper Networks has released an update to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.
The issue is tracked as CVE-2024-21591 and rated 9.8 on the CVSS scoring system.
“An out-of-bounds write vulnerability exists in J-Web on Juniper Networks Junos OS SRX Series and EX Series, which could allow an unauthenticated network-based attacker to cause a denial of service (DoS) or remote code execution (RCE), and gain root access to the device,” the company said in an announcement.
The networking equipment specialist, which is about to be acquired by Hewlett Packard Enterprise (HPE) for $14 billion, said the issue was caused by the use of an insecure feature that allowed bad actors to overwrite arbitrary memory.
This flaw affects the following versions, and has been fixed in 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1 and later:
- Junos OS versions prior to 20.4R3-S9
- Junos OS 21.2 versions earlier than 21.2R3-S7
- Junos OS 21.3 versions earlier than 21.3R3-S5
- Junos OS 21.4 versions earlier than 21.4R3-S5
- Junos OS 22.1 versions earlier than 22.1R3-S4
- Junos OS 22.2 versions earlier than 22.2R3-S3
- Junos OS 22.3 versions earlier than 22.3R3-S2, and
- Junos OS 22.4 versions earlier than 22.4R2-S2 and 22.4R3
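As an added example that is not part of the article or any Juniper tooling, the version thresholds above can be turned into a quick inventory check: it parses Junos version strings of the form `major.minorRn[-Sm][.build]` and compares them against the fixed releases the advisory lists. The inventory at the bottom is constructed sample data, not real devices.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed releases as listed in the advisory, keyed by Junos branch ("major.minor").
# Anything below FIRST_FIXED is affected regardless of branch ("versions prior to 20.4R3-S9").
FIRST_FIXED = "20.4R3-S9"
BRANCH_FIXED = {
    "21.2": "21.2R3-S7",
    "21.3": "21.3R3-S5",
    "21.4": "21.4R3-S5",
    "22.1": "22.1R3-S4",
    "22.2": "22.2R3-S3",
    "22.3": "22.3R3-S2",
    "22.4": "22.4R2-S2",  # 22.4R3 is also fixed and sorts above 22.4R2-S2
    "23.2": "23.2R1-S1",  # 23.2R2 is also fixed; taken from the fixed-in list above
    "23.4": "23.4R1",     # first release of the branch, so nothing in 23.4 is affected
}

# major.minor R release [-S service] [.build]; the build number is ignored for ordering.
_VER_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse_junos(version: str) -> Tuple[int, int, int, int]:
    """Turn '22.4R2-S1.3' into (22, 4, 2, 1); a missing -S counts as S0."""
    m = _VER_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc = m.groups()
    return int(major), int(minor), int(rel), int(svc or 0)

def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version falls in the advisory's affected ranges, False if it is at or
    after the fix for its branch, None if the branch is not covered by the advisory."""
    v = parse_junos(version)
    if v < parse_junos(FIRST_FIXED):
        return True
    branch = f"{v[0]}.{v[1]}"
    if branch == "20.4":
        return False  # at or above 20.4R3-S9
    if branch in BRANCH_FIXED:
        return v < parse_junos(BRANCH_FIXED[branch])
    return None

# Constructed sample inventory: hostname -> the "Junos:" line from "show version".
SAMPLE_INVENTORY = {
    "srx-edge-1": "Junos: 22.4R2-S1.3",
    "ex-core-1": "Junos: 21.4R3-S5.4",
    "ex-access-7": "Junos: 19.4R3-S10.2",
    "srx-lab": "Junos: 23.2R1.13",
}

def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'vulnerable', 'fixed' or 'unlisted' from its show version line."""
    out = {}
    for host, line in inventory.items():
        state = is_vulnerable(line.split("Junos:")[-1])
        out[host] = "unlisted" if state is None else ("vulnerable" if state else "fixed")
    return out
```

Hosts reported as "unlisted" are on a branch the advisory does not enumerate and need a manual check against the vendor bulletin rather than being assumed safe.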
As a workaround until a fix is deployed, the company recommends that users disable J-Web or limit access to trusted hosts only.
Juniper Networks also resolved a high-severity bug (CVE-2024-21611, CVSS score: 7.5) in Junos OS and Junos OS Evolved that could be exploited by an unauthenticated network-based attacker to cause a DoS condition.
Multiple security flaws affecting the company’s SRX firewalls and EX switches were abused by threat actors last year, although there is evidence that these vulnerabilities are being widely exploited.