An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.
The vulnerability results from the use of an unsafe function in the J-Web component, which allows an attacker to overwrite arbitrary memory areas of the device (arbitrary memory overwrite). An attacker operating over the network, without any authentication and user interaction, can craft an appropriate request leading to a buffer overflow write beyond boundaries (out-of-bounds write, CWE-787). Consequently, it is possible to take full control of the device or cause its unavailability.
An attacker can obtain root privileges on the device and take complete control of it by executing arbitrary code (RCE), or cause a denial of service (DoS) preventing proper device operation.
Junos OS should be updated as soon as possible to versions containing patches: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, or 22.4R3 (and newer). If immediate patch deployment is not possible, it is recommended to disable access to the J-Web interface or restrict access to it only from trusted IP addresses.
Juniper Networks Junos OS on SRX Series and EX Series devices: versions prior to 20.4R3-S9; 21.2 prior to 21.2R3-S7; 21.3 prior to 21.3R3-S5; 21.4 prior to 21.4R3-S5; 22.1 prior to 22.1R3-S4; 22.2 prior to 22.2R3-S3; 22.3 prior to 22.3R3-S2; 22.4 prior to 22.4R2-S2 and 22.4R3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HJuniper Junos
OSJuniper20.421.221.321.422.122.222.322.4< 20.4
Related vulnerabilities
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...
An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, proc...