With the release of security upgrades, Juniper Networks has taken significant precautions to protect its EX Series switches and SRX Series firewalls. This action is a reaction to the identification of CVE-2024-21591, a critical pre-auth remote code execution (RCE) vulnerability. This vulnerability, which is included in the devices’ J-Web configuration interfaces, is dangerous since it might provide unauthorized actors the ability to take over devices that aren’t patched and use them to perform denial-of-service (DoS) attacks or obtain root access.
Cause Principal and Explicit
According to information released by Juniper Networks, the vulnerability’s primary cause is the use of an unsafe function that lets an attacker rewrite any memory. Despite the obvious seriousness of the vulnerability, the business guarantees consumers that no active exploitation of the weakness has been found in the wild by its Security Incident Response Team.
Versions Affected and Patching
The SRX Series and EX Series J-Web bugs are susceptible to several Junos OS versions. Older versions of 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, and 22.4R2-S2, 22.4R3, are among those that are impacted. The vulnerability in Junos OS versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all later releases have been swiftly fixed by the business.
Suggested Course of Action
It is highly suggested that administrators take urgent action to close the potential attack vector by installing these security patches, updating JunOS to the most recent release, or, at the very least, turning off the J-Web interface. It’s also advised to limit J-Web access to trustworthy network hosts as a temporary solution until the updates are successfully applied.
Range of Exposure
More than 8,200 Juniper devices—the majority of which are based in South Korea—have revealed their J-Web interfaces online, according to data from the nonprofit internet security group Shadowserver. The Cybersecurity and Infrastructure Security Agency (CISA) warned in November about an actively exploited Juniper pre-auth RCE exploit, which increased the urgency of the problem. This exploit severely damaged Juniper’s SRX firewalls and EX switches. It involved four issues, identified as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847.
The Urgency and Response of CISA
CISA added the four issues to its Known Exploited Vulnerabilities Catalogue in response to the persistent danger, classifying them as ‘common attack vectors for malicious cyber actors’ that pose ‘ significant threats to the federal organization.’ Underscoring the gravity of the situation, the U.S. cybersecurity agency last June issued the first binding operational directive (BOD) of the year, requiring federal agencies to secure their networking equipment—including Juniper firewalls and switches—that is exposed to the internet or that has been incorrectly configured, within a two-week window of discovery.
Read More Articles About Tech: privacy in pixels- a blueprint for mobile app and online safety
The prompt and proactive way in which Juniper Networks addressed the vulnerabilities that were discovered highlights the vital significance of enhanced security protocols and timely updates. It is recommended that administrators give top priority to putting security measures in place so that their network architecture remains resilient and intact against ever-changing cyber threats.