January 15, 2024

Juniper Networks squashes bugs in its firewalls, switches, and operating systems


Networking equipment manufacturer Juniper Networks has released patches to address a critical vulnerability in its firewalls and switches. The bug, designated CVE-2024-21591 and rated 9.8 on the Common Vulnerability Scoring System (CVSS), is an out-of-bounds write vulnerability in the J-Web component of Junos OS, used by the SRX series firewalls and EX series switches.

The vulnerability allows unauthenticated threat actors with network access to execute arbitrary code, potentially leading to the installation of malware or ransomware, a denial of service (DoS) condition, or the elevation of privileges.

Juniper Networks has advised affected users to disable J-Web and restrict access to the devices to trusted hosts until the patch can be installed.

Juniper Networks has also fixed a high-severity vulnerability (CVE-2024-21611) in its Junos and Junos Evolved operating systems that could be abused by unauthenticated threat actors with network access to cause a DoS condition.

Source: The Hacker News

Analysis

In November 2023, Juniper announced five similar vulnerabilities that were quickly exploited by threat actors despite patches being available.

Juniper has indicated it has not observed any active exploitation of these new vulnerabilities. However, given this recent history, it’s likely only a matter of time before threat actors develop and deploy exploits against these devices.

It’s extremely important that affected users patch these systems to lower their risk of an incident.

Mitigation

Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in devices and software like Juniper devices and operating systems. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate the exploitation of these vulnerabilities. Covalence users are automatically notified when vulnerable software and devices are detected in their environment and are encouraged to review these AROs as quickly as possible.

Field Effect strongly encourages users of the affected Juniper Networks devices to install the latest security patch as soon as possible.
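
Until a device is patched, the interim advice above is to disable J-Web. The following is an added example, not code from Field Effect or Juniper: a small audit that reads a device configuration exported with `show configuration | display set` and reports whether J-Web (the `system services web-management` stanza) is still active. The function name `audit_jweb` and the sample configuration are constructed for illustration.

```python
import re

# Junos "display set" lines that touch the J-Web (web-management) stanza.
_WEB = re.compile(
    r"^(set|deactivate)\s+system\s+services\s+web-management(?:\s+(.*))?$")

def audit_jweb(config_text):
    """Report J-Web state from `show configuration | display set` output."""
    protocols, bindings, inactive = set(), set(), set()
    for raw in config_text.splitlines():
        m = _WEB.match(raw.strip())
        if not m:
            continue
        verb, rest = m.group(1), (m.group(2) or "").split()
        if verb == "deactivate":
            # An inactive stanza stays in the config but is not applied.
            # No trailing token means the whole service is deactivated.
            inactive.add(rest[0] if rest else "*")
            continue
        if rest and rest[0] in ("http", "https"):
            protocols.add(rest[0])
            if len(rest) >= 3 and rest[1] == "interface":
                bindings.add((rest[0], rest[2]))
    active = set() if "*" in inactive else protocols - inactive
    bound = {proto for proto, _ in bindings}
    return {
        "jweb_enabled": bool(active),
        "protocols": sorted(active),
        # Active protocols with no "interface" statement in this stanza.
        "no_interface_binding": sorted(active - bound),
        "bound_interfaces": sorted(i for p, i in bindings if p in active),
    }

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
set system host-name edge-fw-01
set system services ssh
set system services web-management http interface ge-0/0/1.0
set system services web-management https system-generated-certificate
"""

if __name__ == "__main__":
    report = audit_jweb(SAMPLE)
    print(report)
    if report["jweb_enabled"]:
        print("J-Web is active: disable it or restrict access until patched")
```

The audit covers only the web-management stanza. Restriction to trusted hosts is enforced elsewhere in the configuration and is not evaluated here.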
