CRITICAL🇵🇱 Wersja polska

CVE-2024-21591

CVSS 9.8v3.1pub. 2024-01-12upd. 2025-05-05

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

🤖 AI Analysis
How it works

The vulnerability results from the use of an unsafe function in the J-Web component, which allows an attacker to overwrite arbitrary memory areas of the device (arbitrary memory overwrite). An attacker operating over the network, without any authentication and user interaction, can craft an appropriate request leading to a buffer overflow write beyond boundaries (out-of-bounds write, CWE-787). Consequently, it is possible to take full control of the device or cause its unavailability.

Impact

An attacker can obtain root privileges on the device and take complete control of it by executing arbitrary code (RCE), or cause a denial of service (DoS) preventing proper device operation.

Mitigation & patch

Junos OS should be updated as soon as possible to versions containing patches: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, or 22.4R3 (and newer). If immediate patch deployment is not possible, it is recommended to disable access to the J-Web interface or restrict access to it only from trusted IP addresses.

Who is affected

Juniper Networks Junos OS on SRX Series and EX Series devices: versions prior to 20.4R3-S9; 21.2 prior to 21.2R3-S7; 21.3 prior to 21.3R3-S5; 21.4 prior to 21.4R3-S5; 22.1 prior to 22.1R3-S4; 22.2 prior to 22.2R3-S3; 22.3 prior to 22.3R3-S2; 22.4 prior to 22.4R2-S2 and 22.4R3.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Juniper Junos

    OS
    Juniper
    20.421.221.321.422.122.222.322.4< 20.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoSMemory
CWE
References

Related vulnerabilities

CVE-2023-36845CRITICAL9.8⚠ KEVten sam produkt

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...

CVE-2021-0254CRITICAL9.8ten sam produkt

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...

CVE-2021-0248CRITICAL10.0ten sam produkt

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...

CVE-2021-0211CRITICAL10.0ten sam produkt

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...

CVE-2020-1654CRITICAL9.8ten sam produkt

On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, proc...