
Juniper Networks Releases Critical Junos OS Updates to Address High-Risk Flaws

January 30, 2024



 Jan 30, 2024 NewsroomVulnerability / Network SecurityJuniper Networks Releases Critical Junos OS Updates to Address High-Risk Flaws
Juniper Networks has released urgent updates to fix severe vulnerabilities in the SRX Series and EX Series that could be exploited by attackers to take control of vulnerable systems. The vulnerabilities, known as CVE-2024-21619 and CVE-2024-21620, are found in the J-Web component and impact all versions of Junos OS. In August 2023, the company also disclosed two other bugs, CVE-2023-36846 and CVE-2023-36851.

CVE-2024-21619 (CVSS score: 5.3) – An uncommon vulnerability that could lead to the exposure of critical configuration details.

CVE-2024-21620 (CVSS score: 8.8) – A cross-site scripting (XSS) vulnerability that could result in unauthorized actions with the consent of the target audience through a specially designed request.

WatchTowr Labs, a cybersecurity firm, has identified and reported these issues. The fixes for these vulnerabilities are available in the following versions –

CVE-2024-21619 – 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S6, 22.1R3-S5, 22.2R22-S3, 22.2R3-S3, 22 .S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases

CVE-2024-21620 – 20.4R3-S10, 21.2R3-S8, 21.4R3-S6, 22-22-22, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, and all other releases

As a temporary measure until the fixes are available, the company advises users to disable J-Web or limit access to trusted hosts only.
Both CVE-2023-36846 and CVE-2023-36851 were added to the Known Exploited Vulnerabilities (KEV) list by the US Cybersecurity and Infrastructure Security Agency (CISA) in November 2023, based on evidence of exploitation. Juniper Networks also recently released an update to address a critical vulnerability in the same features (CVE-2024-21591, CVSS score: 9.8) that could enable an attacker to initiate a denial-of-service (DoS) or execute remote code and gain root access on devices.


Author: OpenAI
