Juniper Networks has launched safety updates to repair a essential pre-auth distant code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.
Found within the units’ J-Web configuration interfaces and tracked as CVE-2024-21591, this essential safety flaw can be exploited by unauthenticated menace actors to get root privileges or launch denial-of-service (DoS) assaults in opposition to unpatched units.
“This situation is brought on by means of an insecure operate permitting an attacker to overwrite arbitrary reminiscence,” the corporate defined in a safety advisory revealed Wednesday.
Juniper added that its Security Incident Response Team has no proof that the vulnerability is being exploited within the wild.
The full checklist of susceptible Junos OS variations affected by the SRX Series and EX Series J-Web bug consists of:
- Junos OS variations sooner than 20.4R3-S9
- Junos OS 21.2 variations sooner than 21.2R3-S7
- Junos OS 21.3 variations sooner than 21.3R3-S5
- Junos OS 21.4 variations sooner than 21.4R3-S5
- Junos OS 22.1 variations sooner than 22.1R3-S4
- Junos OS 22.2 variations sooner than 22.2R3-S3
- Junos OS 22.3 variations sooner than 22.3R3-S2
- Junos OS 22.4 variations sooner than 22.4R2-S2, 22.4R3
The bug has been addressed in Junos OS 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3 , 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.
Admins are suggested to right away apply the safety updates or improve JunOS to the newest launch or, at the least, disable the J-Web interface to take away the assault vector.
Another momentary workaround is to limit J-Web entry to solely trusted community hosts till patches are deployed.
According to information from nonprofit web safety group Shadowserver, greater than 8,200 Juniper units have their J-Web interfaces uncovered on-line, most from South Korea (Shodan additionally tracks over 9,000).
CISA additionally warned in November of a Juniper pre-auth RCE exploit used within the wild, chaining 4 bugs tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847 and impacted the corporate’s SRX firewalls and EX switches.
The alert got here months after ShadowServer detected the primary exploitation makes an attempt on August 25, one week after Juniper launched patches and as quickly as watchTowr Labs launched a proof-of-concept (PoC) exploit.
In September, vulnerability intelligence agency VulnCheck discovered hundreds of Juniper units nonetheless susceptible to assaults utilizing this exploit chain.
CISA added the 4 bugs to its Known Exploited Vulnerabilities Catalog on November 17, tagging them as “frequent assault vectors for malicious cyber actors” with “important dangers to the federal enterprise.”
The US cybersecurity company issued the primary binding operational directive (BOD) of the 12 months final June, requiring federal businesses to safe their Internet-exposed or misconfigured networking gear (equivalent to Juniper firewalls and switches) inside a two-week window following discovery.