⚡ TL;DR | Go Straight to the Juniper Vulnerability Audit Report
Juniper Networks has released security updates for its SRX Series firewalls and EX Series switches in response to a critical Out-of-bounds Write vulnerability. If successfully exploited the vulnerability could lead to remote code execution which could in turn compromise sensitive data or interrupt operations. We have added a report to Lansweeper to help you locate potentially vulnerable devices.
Juniper Vulnerability CVE-2024-21591
The vulnerability tracked as CVE-2024-21591 is an out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series. It received a critical CVSS score of 9.8. Because of an insecure function, the issue would let an unauthenticated, network-based attacker overwrite arbitrary memory. That would in turn allow them to cause denial of service, remote code execution, or obtain root privileges on the targetted device. For more details, please consult Juniper’s advisory.
Update Vulnerable Firewalls and Switches
Juniper has released security updates for all vulnerable OSs. You can find the complete list of affected Junos OS SRX Series and EX Series in their security bulletin. The issue has been addressed in Junos OS:
- 20.4R3-S9
- 21.2R3-S7
- 21.3R3-S5
- 21.4R3-S5
- 22.1R3-S4
- 22.2R3-S3
- 22.3R3-S2
- 22.4R2-S2
- 22.4R3
- 23.2R1-S1
- 23.2R2
- 23.4R1
- all subsequent releases
Until the fixes are deployed, it is recommended that you disable J-Web or restrict access to only trusted hosts, as a temporary workaround.
Discover Vulnerable Juniper Switches and Firewalls
Our team has put together a new report for you, to help you locate vulnerable switches and firewalls. This report will give you an actionable list of devices that may be running on an affected version of Junos OS so that you can take action to update your devices where necessary.
