Juniper Networks releases urgent Junos OS updates for very serious bugs


Juniper Networks has released out-of-band updates to address very serious flaws in the SRX Series and EX Series that a threat actor can exploit to take control of sensitive systems.

The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and affect all versions of Junos OS. Two other flaws, CVE-2023-36846 and CVE-2023-36851, were previously announced by the company in August 2023.

  • CVE-2024-21619 (CVSS score: 5.3) – A missing authentication vulnerability that could lead to sensitive configuration information being exposed
  • CVE-2024-21620 (CVSS score: 8.8) – A cross-site scripting (XSS) vulnerability that could lead to the execution of arbitrary commands with the target’s permissions via a specially crafted request

Cybersecurity company watchTowr Labs has been credited with discovering and reporting the problems. The two vulnerabilities have been fixed in the following versions:

  • CVE-2024-21619 – 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases
  • CVE-2024-21620 – 20.4R3-S10, 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2 and all subsequent releases
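
A fleet check against the two fixed-release lists above, as an added example that is not from Juniper or the original article. It assumes releases on one train order by R number and then S number, and the hostnames and inventory are constructed sample data.

```python
import re

# Fixed releases per CVE, copied from the two lists above.
FIXED = {
    "CVE-2024-21619": "20.4R3-S9 21.2R3-S7 21.3R3-S5 21.4R3-S6 22.1R3-S5 22.2R3-S3 "
                      "22.3R3-S2 22.4R3 23.2R1-S2 23.2R2 23.4R1",
    "CVE-2024-21620": "20.4R3-S10 21.2R3-S8 21.4R3-S6 22.1R3-S5 22.2R3-S3 "
                      "22.3R3-S2 22.4R3-S1 23.2R2 23.4R2",
}
_VER = re.compile(r"(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

def parse(version):
    """'21.2R3-S7' -> ((21, 2), (3, 7)); None for formats this sketch does not handle."""
    m = _VER.match(version.strip())
    if m is None:
        return None
    major, minor, r, s = (int(g or 0) for g in m.groups())
    return (major, minor), (r, s)

def status(version, cve):
    """Classify one device version as fixed, vulnerable, no-fix-listed or unknown."""
    parsed = parse(version)
    if parsed is None:
        return "unknown"                      # unparsed string: check by hand
    train, level = parsed
    floors = {}                               # lowest fixed (R, S) per release train
    for t, lvl in map(parse, FIXED[cve].split()):
        floors[t] = min(lvl, floors.get(t, lvl))
    if train in floors:                       # assumption: (R, S) ordering within a train
        return "fixed" if level >= floors[train] else "vulnerable"
    if train > max(floors):
        return "fixed"                        # "all subsequent releases"
    return "no-fix-listed"                    # train has no fixed release in the list

def audit(inventory):
    """Map each host to its per-CVE status."""
    return {h: {c: status(v, c) for c in FIXED} for h, v in inventory.items()}

# Constructed inventory: hostname -> version string as reported by the device.
INVENTORY = {
    "srx-edge-1": "20.4R3-S9", "ex-access-7": "23.2R1-S2",
    "srx-lab": "21.3R3-S5", "ex-core-2": "24.2R1", "srx-legacy": "15.1X49-D150",
}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(host, INVENTORY[host], result)
```

A host can be fixed for one CVE and still vulnerable to the other, which is why the result is reported per CVE.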

As a workaround until the fixes are implemented, the company recommends that users disable J-Web or limit access to only trusted hosts.

It is worth noting that both CVE-2023-36846 and CVE-2023-36851 were added to the Known Exploited Vulnerabilities (KEV) catalog by the US Cybersecurity and Infrastructure Security Agency (CISA) in November 2023, based on evidence of active exploitation.

Earlier this month, Juniper Networks also released fixes to address a critical vulnerability in the same products (CVE-2024-21591, CVSS score: 9.8) that could allow an attacker to cause a denial of service (DoS) or remote code execution and gain root privileges on the devices.
