Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series devices that could be exploited by a threat actor to take control of susceptible systems.
The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and impact all versions of Junos OS on those platforms. Two other shortcomings in the same component, CVE-2023-36846 and CVE-2023-36851, were previously disclosed by the company in August 2023.
- CVE-2024-21619 (CVSS score: 5.3) – A missing authentication vulnerability that could lead to exposure of sensitive configuration information
- CVE-2024-21620 (CVSS score: 8.8) – A cross-site scripting (XSS) vulnerability that could lead to the execution of arbitrary commands with the target's permissions by means of a specially crafted request
Cybersecurity firm watchTowr Labs has been credited with discovering and reporting the issues. The two vulnerabilities have been addressed in the following versions –
- CVE-2024-21619 – 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases
- CVE-2024-21620 – 20.4R3-S10, 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, and all subsequent releases
As temporary mitigations until the fixes are deployed, the company is recommending that users disable J-Web or restrict access to it to trusted hosts only. Because J-Web is the vulnerable component in all four CVEs, removing or fencing off that service closes the attack surface regardless of which Junos release a device is running.
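The two workarounds as Junos configuration-mode commands, written here as an added example rather than text from the Juniper advisory or the article. The filter name PROTECT-RE, the term names and the 192.0.2.0/24 management prefix are placeholders (assumptions); substitute your own jump-host or management range.

```junos
# Added example, not from the Juniper advisory. Run from configuration mode.
#
# Option 1: disable J-Web entirely. The web UI stays off until reactivated,
# but CLI, NETCONF and SNMP management are unaffected.
deactivate system services web-management

# Option 2: keep J-Web running but accept HTTP/HTTPS to the Routing Engine only
# from a trusted management prefix (192.0.2.0/24 is a placeholder; assumption).
set firewall family inet filter PROTECT-RE term allow-jweb-trusted from source-address 192.0.2.0/24
set firewall family inet filter PROTECT-RE term allow-jweb-trusted from protocol tcp
set firewall family inet filter PROTECT-RE term allow-jweb-trusted from destination-port [ http https ]
set firewall family inet filter PROTECT-RE term allow-jweb-trusted then accept

# Log and drop J-Web connection attempts from everywhere else.
set firewall family inet filter PROTECT-RE term drop-jweb-other from protocol tcp
set firewall family inet filter PROTECT-RE term drop-jweb-other from destination-port [ http https ]
set firewall family inet filter PROTECT-RE term drop-jweb-other then log
set firewall family inet filter PROTECT-RE term drop-jweb-other then discard

# An lo0 input filter applies to ALL host-bound traffic (SSH, BGP, OSPF, NTP, ...),
# so a final accept term is mandatory or the device locks you out.
set firewall family inet filter PROTECT-RE term allow-everything-else then accept
set interfaces lo0 unit 0 family inet filter input PROTECT-RE

# Validate before committing, and leave a note explaining why the change was made.
commit check
commit comment "Workaround for J-Web CVE-2024-21619 / CVE-2024-21620: restrict J-Web to trusted hosts"
```

If the device already carries an lo0 input filter, merge the two J-Web terms into it ahead of its existing accept terms rather than replacing the filter, and test on a lab unit first: a mistake in a Routing Engine filter affects every management protocol, not just J-Web. On SRX, J-Web also has to be allowed as an http/https system-service in the security zone's host-inbound-traffic; removing it there is a second, zone-scoped way to switch the service off.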
It's worth noting that both CVE-2023-36846 and CVE-2023-36851 were added to the Known Exploited Vulnerabilities (KEV) catalog in November 2023 by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), based on evidence of active exploitation. With J-Web flaws already being abused in the wild, an internet-reachable J-Web instance on an unpatched device should be treated as an immediate exposure rather than a theoretical one.
Earlier this month, Juniper Networks also shipped fixes to contain a critical vulnerability in the same products (CVE-2024-21591, CVSS score: 9.8) that could enable an attacker to cause a denial-of-service (DoS) or achieve remote code execution and obtain root privileges on the device.
Some parts of this article are sourced from:
thehackernews.com