Critical Remote Code Execution (RCE) Vulnerability Found in Juniper SRX Firewalls and EX Switches

Juniper Networks (NASDAQ: JNPR) has issued a security advisory that fixes a critical Remote Code Execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches (CVE-2024-21591), as well as another high-risk vulnerability in Junos OS and Junos OS Evolved (CVE-2024-21611), which can be exploited by an unauthenticated network attacker to cause a denial of service.

Critical security vulnerability: CVE-2024-21591

Network security vendor Juniper Networks has released a security update that fixes a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The vulnerability, tracked as CVE-2024-21591, has a CVSS score of 9.8, indicating a critical-severity security vulnerability.

Vulnerability Impact and Harm

The vulnerability exists in the J-Web service and can be exploited over the network, without authentication, to cause a Denial of Service (DoS) or Remote Code Execution (RCE) and ultimately gain the highest privileges on the device. This means that an attacker could take full control of a firewall or switch and perform arbitrary actions, including stealing data, planting malware, or disrupting network operations.

Affected and Fixed Versions

The following Junos OS versions are affected:

  • All versions earlier than 20.4R3-S9
  • All 21.2 releases earlier than 21.2R3-S7
  • All 21.3 releases earlier than 21.3R3-S5
  • All 21.4 releases earlier than 21.4R3-S5
  • All 22.1 releases earlier than 22.1R3-S4
  • All 22.2 releases earlier than 22.2R3-S3
  • All 22.3 releases earlier than 22.3R3-S2
  • All 22.4 releases earlier than 22.4R2-S2 or 22.4R3

The following Junos OS versions have fixed the vulnerability:

  • 20.4R3-S9 and later
  • 21.2R3-S7 and later
  • 21.3R3-S5 and later
  • 21.4R3-S5 and later
  • 22.1R3-S4 and later
  • 22.2R3-S3 and later
  • 22.3R3-S2 and later
  • 22.4R2-S2 and later
  • 22.4R3 and later
  • 23.2R1-S1 and later
  • 23.2R2 and later
  • 23.4R1 and later
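Deciding whether a given device is affected means comparing its Junos release against the affected and fixed lists above, which is easy to get wrong by hand because the 22.4 and 23.2 trains have two fixed branches each. The following Python helper is an added example and is not code from the article or from Juniper; it encodes exactly the fixed releases listed above, treats trains the lists do not mention (such as 21.1, 23.1 or 23.3) as "not listed" rather than guessing, and the `show version` output it parses is a constructed sample, not output captured from a real device.

```python
import re
from typing import NamedTuple


class JunosVersion(NamedTuple):
    major: int
    minor: int
    r: int   # maintenance release number after "R"
    s: int   # service release number after "-S" (0 when absent)


# Fixed releases exactly as listed in the advisory, keyed by release train.
# Value: the (R, S) pairs that are the first fixed release on each R branch.
FIXED_RELEASES = {
    (20, 4): [(3, 9)],          # 20.4R3-S9
    (21, 2): [(3, 7)],          # 21.2R3-S7
    (21, 3): [(3, 5)],          # 21.3R3-S5
    (21, 4): [(3, 5)],          # 21.4R3-S5
    (22, 1): [(3, 4)],          # 22.1R3-S4
    (22, 2): [(3, 3)],          # 22.2R3-S3
    (22, 3): [(3, 2)],          # 22.3R3-S2
    (22, 4): [(2, 2), (3, 0)],  # 22.4R2-S2 and 22.4R3
    (23, 2): [(1, 1), (2, 0)],  # 23.2R1-S1 and 23.2R2
    (23, 4): [(1, 0)],          # 23.4R1
}

# Matches the leading "MM.mR<n>[-S<n>]" part; trailing build numbers such as
# ".4" in "22.4R2-S1.4" or an "-EVO" suffix are ignored on purpose.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_version(text: str) -> JunosVersion:
    """Parse strings like '22.4R2-S1', '21.4R3-S5.4' or '20.4R3-S9'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    major, minor, r, s = m.groups()
    return JunosVersion(int(major), int(minor), int(r), int(s or 0))


def cve_2024_21591_status(text: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for a Junos OS version string."""
    v = parse_version(text)
    train = (v.major, v.minor)
    # First bullet of the advisory: every release before 20.4R3-S9 is affected,
    # which covers all trains older than 20.4.
    if train < (20, 4):
        return "affected"
    if train not in FIXED_RELEASES:
        # The advisory is silent about this train; do not assume either way.
        return "not listed"
    fixed = FIXED_RELEASES[train]
    for fixed_r, fixed_s in fixed:
        # Same R branch as a listed fix and at or past its service release.
        if v.r == fixed_r and v.s >= fixed_s:
            return "fixed"
    # An R branch newer than the newest listed fixed branch (e.g. 22.4R4 after
    # 22.4R3) is covered by the "and later" wording of the fixed list.
    if v.r > max(fixed_r for fixed_r, _ in fixed):
        return "fixed"
    return "affected"


# Constructed sample of the first lines of 'show version' on an SRX; not real output.
SAMPLE_SHOW_VERSION = """\
Hostname: srx-edge-01
Model: srx345
Junos: 22.4R2-S1.4
JUNOS OS Kernel 64-bit  [constructed-build-string]
"""


def status_from_show_version(output: str) -> str:
    """Pull the 'Junos:' line out of 'show version' output and classify it."""
    for line in output.splitlines():
        if line.startswith("Junos:"):
            return cve_2024_21591_status(line.split(":", 1)[1])
    raise ValueError("no 'Junos:' line found in output")


if __name__ == "__main__":
    for candidate in ["19.4R3-S6", "20.4R3-S8", "20.4R3-S9", "22.4R2-S1.4",
                      "22.4R3", "23.2R1", "23.2R1-S1", "23.3R1"]:
        print(f"{candidate:14} {cve_2024_21591_status(candidate)}")
    print("sample device:", status_from_show_version(SAMPLE_SHOW_VERSION))
```

The "not listed" result is deliberate: a train the advisory does not mention should be checked against the vendor's current advisory text rather than silently treated as fixed.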

Interim mitigation measures

Juniper Networks recommends that users take the following interim measures before upgrading to a fixed version:

  • Disable the J-Web service
  • Allow only trusted hosts to access the J-Web service
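The two interim measures map directly onto Junos configuration. The `set`/`delete` statements below are an added illustration written for this page, not configuration taken from the Juniper advisory; the prefix `192.0.2.0/24`, the names `TRUSTED-MGMT` and `PROTECT-RE`, and the `lo0` filter layout are assumptions you would adapt to your own management network. Lines beginning with `#` are annotations, not CLI input.

```junos
# Option 1: remove J-Web entirely until the device runs a fixed release.
delete system services web-management

# Option 2: keep J-Web but only reachable from the trusted management prefix.
# Define who is trusted.
set policy-options prefix-list TRUSTED-MGMT 192.0.2.0/24

# Accept HTTP/HTTPS to the Routing Engine only from the trusted prefix.
set firewall family inet filter PROTECT-RE term ALLOW-JWEB from source-prefix-list TRUSTED-MGMT
set firewall family inet filter PROTECT-RE term ALLOW-JWEB from protocol tcp
set firewall family inet filter PROTECT-RE term ALLOW-JWEB from destination-port [ http https ]
set firewall family inet filter PROTECT-RE term ALLOW-JWEB then accept

# Log, count and drop every other attempt to reach J-Web.
set firewall family inet filter PROTECT-RE term BLOCK-JWEB from protocol tcp
set firewall family inet filter PROTECT-RE term BLOCK-JWEB from destination-port [ http https ]
set firewall family inet filter PROTECT-RE term BLOCK-JWEB then count JWEB-BLOCKED
set firewall family inet filter PROTECT-RE term BLOCK-JWEB then syslog
set firewall family inet filter PROTECT-RE term BLOCK-JWEB then discard

# Let all other Routing Engine traffic through; tighten this term separately.
set firewall family inet filter PROTECT-RE term ALLOW-REST then accept

# Apply the filter to traffic destined for the Routing Engine.
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
```

After committing, `show configuration system services web-management` confirms whether J-Web is still enabled, and `show firewall filter PROTECT-RE` shows the `JWEB-BLOCKED` counter, which is a useful signal that untrusted hosts are probing the service. On SRX devices also check `security zones ... host-inbound-traffic system-services` so that `http`/`https` are not permitted from untrusted zones.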

Another high-risk vulnerability (CVE-2024-21611)

In addition to CVE-2024-21591, Juniper Networks has patched another high-risk vulnerability (CVE-2024-21611, CVSS score 7.5) in Junos OS and Junos OS Evolved, which can also be exploited by an unauthenticated network attacker to cause a Denial of Service (DoS).

Security recommendations

To protect your network, Juniper Networks strongly recommends that all SRX firewall and EX switch users immediately upgrade to a version that fixes the vulnerability. In addition, the following security measures should be taken:

  • Keep operating systems and security software up to date
  • Use strong passwords and enable two-factor authentication
  • Scan for and assess security vulnerabilities regularly
  • Monitor and analyze network traffic

Please note that while there is currently no evidence that these vulnerabilities are being exploited, cyber attackers may soon begin to exploit them. Therefore, it is important to take timely and effective measures to secure your network.

Original article by Chief Security Officer, if reproduced, please credit https://cncso.com/en/rce-vulnerability-found-in-juniper-srx-firewalls-and-ex-switches-html
