Critical Vulnerability in Juniper Networks Products

Juniper Networks has released security updates addressing a critical vulnerability (CVE-2024-21591) in their SRX Series firewalls and EX Series switches. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to perform Denial of Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the device.

The critical vulnerability affects the following Juniper Networks Junos OS SRX Series and EX Series:

• Junos OS versions earlier than 20.4R3-S9;

• Junos OS 21.2 versions earlier than 21.2R3-S7;

• Junos OS 21.3 versions earlier than 21.3R3-S5;

• Junos OS 21.4 versions earlier than 21.4R3-S5;

• Junos OS 22.1 versions earlier than 22.1R3-S4;

• Junos OS 22.2 versions earlier than 22.2R3-S3;

• Junos OS 22.3 versions earlier than 22.3R3-S2;

• Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3
  

Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.

More information is available here:

https://www.bleepingcomputer.com/news/security/juniper-warns-of-critical-rce-bug-in-its-firewalls-and-switches/#google_vignette

https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US