CVE-2024-21591 in Junos OS: Denial of service and remote code execution

Brother

Juniper Networks encourages customers to upgrade their firewalls and switches as soon as possible.

Juniper has released updates to address a critical Remote Code Execution (RCE) vulnerability in its Juniper SRX series firewalls and Juniper EX series switches.

The vulnerability, identified as CVE-2024-21591, is rated 9.8 on the CVSS scale. The company's official statement reads: "An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS on the SRX and EX series allows an unauthenticated remote attacker to cause a Denial of Service (DoS) or Remote Code Execution (RCE) and gain administrator rights on the device."

According to Juniper Networks, which will soon be acquired by Hewlett Packard Enterprise (HPE) for $14 billion, the problem is caused by the use of an insecure function that allows an attacker to overwrite arbitrary parts of memory.

According to the company, the vulnerability affects releases of Junos OS earlier than 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2 and 22.4R3 in their respective release trains. The vulnerability has been fixed in versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1 and later.
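As an added example (not from the post or from Juniper), here is a small Python check that classifies a Junos OS version string against the fixed releases listed above, so an inventory can be triaged for upgrade; the hostnames and versions in the inventory are constructed for the example.

```python
import re

# Fixed releases as listed in the post, grouped by release train (major.minor).
# Each entry is (R, S): the "Rn" maintenance release and the "-Sn" service release.
FIXED = {
    (20, 4): [(3, 9)],
    (21, 2): [(3, 7)],
    (21, 3): [(3, 5)],
    (21, 4): [(3, 5)],
    (22, 1): [(3, 4)],
    (22, 2): [(3, 3)],
    (22, 3): [(3, 2)],
    (22, 4): [(2, 2), (3, 0)],
    (23, 2): [(1, 1), (2, 0)],
    (23, 4): [(1, 0)],
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_junos_version(version):
    """Split '22.4R2-S1' into ((22, 4), (2, 1)); a missing -Sn counts as S0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, r, s = (int(x) if x else 0 for x in m.groups())
    return (major, minor), (r, s)


def cve_2024_21591_status(version):
    """Return 'fixed', 'affected' or 'unknown' for one Junos version string."""
    train, rel = parse_junos_version(version)
    if train in FIXED:
        # Within a listed train, the version is fixed once it reaches the earliest
        # fixed release; every later Rn/-Sn in that train is also fixed.
        return "fixed" if rel >= min(FIXED[train]) else "affected"
    if train < min(FIXED):
        return "affected"   # "... and earlier" in the post
    if train > max(FIXED):
        return "fixed"      # "... and later" in the post
    return "unknown"        # train not in the published list; consult the advisory


# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = {
    "srx-edge-1": "21.4R3-S4",
    "srx-edge-2": "21.4R3-S5",
    "ex-core-1": "22.4R2-S1",
    "ex-core-2": "22.4R3",
    "ex-lab-1": "19.4R3-S7",
    "srx-new-1": "23.2R1",
}


def hosts_needing_upgrade(inventory):
    """Names of devices whose version is affected or could not be classified."""
    return sorted(h for h, v in inventory.items() if cve_2024_21591_status(v) != "fixed")
```

Devices reported as "unknown" should be checked against Juniper's advisory rather than assumed safe.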

As a temporary precaution before installing patches, the company recommends disabling J-Web or restricting access to trusted hosts only.

Juniper Networks also recently fixed a high-risk vulnerability in Junos OS and Junos OS Evolved (CVE-2024-21611, CVSS rating: 7.5), which attackers could use to cause a denial of service (DoS).

While there is no evidence that the identified vulnerabilities are being exploited, in the past year attackers have already abused numerous security flaws affecting SRX firewalls and EX switches.