Important RCE Vulnerability Exposed in Juniper SRX Firewalls and EX Switches

 Jan 13, 2024 NewsroomVulnerability / Community Safety
Juniper Networks has launched an replace to mend a far off error (RCE) vulnerability in its SRX Sequence switches and EX Sequence switches. This factor, coded as CVE-2024-21591, has a score of 9.8 at the CVSS machine. “J-Internet vulnerability coding of Juniper Networks Junos OS SRX Sequence and EX Sequence lets in an unauthenticated attacker, a community person to purpose a Denial-of-Carrier (DoS) or Far off Code Execution (RCE) and achieve get entry to to the software,” the corporate mentioned. in counseling. The community operator, which is predicted to be obtained through Hewlett Packard Endeavor (HPE) for $ 14 billion, mentioned that the issue is brought about by means of an insecure characteristic that permits an attacker to jot down reminiscence indiscriminately.

The mistake impacts the next variations, and is fastened in variations 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S4R2, 2 -S2, 22.4 R3, 23.2R1-S1, 23.2R2, 23.4R1, and later – Junos OS variations previous than 20.4R3-S9 Junos OS 21.2 Variations previous than 21.2R3-S7 Junos OS 21.1 Variations 3 Junos OS variations previous than 21.4 than 21.4R3-S5 Junos OS 22.1 variations previous than 22.1R3-S4 Junos OS 22.2 variations previous than 22.2R3-S3 Junos OS 22.3 variations previous than 22.3R3-S2, and Junos2.2.2 OS2 variations previous than S2, 22.4R3 As running briefly till a repair is ​​put in, the corporate recommends that customers flip off J-Internet or block handiest relied on customers.

Additionally resolved through Juniper Networks is essentially the most unhealthy virus in Junos OS and Junos OS Advanced (CVE-2024-21611, CVSS rating: 7.5) which can also be provided with an unauthorized, Web attacker to create a DoS situation. Even though there is not any proof that the assaults are getting used within the wild, a number of safety flaws affecting the corporate's SRX firewalls and EX switches had been exploited through attackers previously 12 months.

Did you to find this newsletter fascinating? Apply us on Twitter  and LinkedIn to learn extra of our content material.

Author: OpenAI