Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.
The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system.
“An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the device,” the company said in an advisory.
The networking equipment giant, which is set to be acquired by Hewlett Packard Enterprise (HPE) for $14 billion, said the issue is caused by the use of an insecure function that allows a bad actor to overwrite arbitrary memory.
The flaw affects the following versions, and has been fixed in versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and later:
- Junos OS versions prior to 20.4R3-S9
- Junos OS 21.2 versions prior to 21.2R3-S7
- Junos OS 21.3 versions prior to 21.3R3-S5
- Junos OS 21.4 versions prior to 21.4R3-S5
- Junos OS 22.1 versions prior to 22.1R3-S4
- Junos OS 22.2 versions prior to 22.2R3-S3
- Junos OS 22.3 versions prior to 22.3R3-S2, and
- Junos OS 22.4 versions prior to 22.4R2-S2, 22.4R3
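The affected-version list above can be turned into a fleet triage check. The following is an added example, not code from Juniper or from the original article: it parses Junos release strings of the form MAJOR.MINOR R<release>[-S<service>][.build] and compares them against the ranges listed in the advisory text. The device names in the sample inventory are constructed, and trains the list does not name (for example 21.1 or 23.x) are reported as "not listed" rather than guessed at.

```python
import re
from typing import Dict, Tuple

# Junos release strings look like 22.4R2-S2, 21.4R3-S4.9 (trailing build number) or 22.4R3.
_JUNOS_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos(version: str) -> Tuple[int, int, int, int]:
    """Turn '22.4R2-S2' into (22, 4, 2, 2). A release with no -S suffix gets service level 0;
    a trailing build number such as '.9' is ignored for comparison purposes."""
    m = _JUNOS_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0))


# First fixed release per train, taken from the affected-version list in the advisory text.
# Everything older than LEGACY_CUTOFF, on any train, is affected.
LEGACY_CUTOFF = "20.4R3-S9"
FIRST_FIXED = {
    (21, 2): "21.2R3-S7",
    (21, 3): "21.3R3-S5",
    (21, 4): "21.4R3-S5",
    (22, 1): "22.1R3-S4",
    (22, 2): "22.2R3-S3",
    (22, 3): "22.3R3-S2",
    (22, 4): "22.4R2-S2",  # 22.4R3 is also fixed and sorts above this anyway
}


def cve_2024_21591_status(version: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for a Junos OS version on SRX/EX."""
    v = parse_junos(version)
    cutoff = parse_junos(LEGACY_CUTOFF)
    if v < cutoff:
        return "affected"  # all versions prior to 20.4R3-S9
    if v[:2] == cutoff[:2]:
        return "fixed"  # 20.4R3-S9 or later on the 20.4 train
    first_fixed = FIRST_FIXED.get(v[:2])
    if first_fixed is None:
        return "not listed"  # train not named in the affected list
    return "affected" if v < parse_junos(first_fixed) else "fixed"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each device name to its patch status for a {name: version} inventory."""
    return {name: cve_2024_21591_status(ver) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; device names and versions are made up for illustration.
    sample = {"srx-edge-1": "20.4R3-S8", "ex-core-1": "22.4R2-S2", "srx-lab": "21.4R3-S4.9"}
    for name, status in triage(sample).items():
        print(f"{name}: {status}")
```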
As temporary workarounds until the fixes are deployed, the company recommends that users disable J-Web or restrict access to only trusted hosts.
Also resolved by Juniper Networks is a high-severity bug in Junos OS and Junos OS Evolved (CVE-2024-21611, CVSS score: 7.5) that could be weaponized by an unauthenticated, network-based attacker to cause a DoS condition.
While there is no evidence that the vulnerabilities are being exploited in the wild, multiple security shortcomings affecting the company’s SRX firewalls and EX switches were abused by threat actors last year.
Some parts of this article are sourced from:
thehackernews.com