Juniper Networks Junos OS Product Security Update Advisory (CVE-2024-21591)
Overview
Juniper has released a security update that fixes vulnerabilities in its products. Users of affected systems are advised to update to the latest version.
Affected Products
Juniper Networks Junos OS SRX Series and EX Series:
Junos OS: All versions prior to 20.4R3-S9.
Junos OS 21.2: All versions prior to 21.2R3-S7.
Junos OS 21.3: All versions prior to 21.3R3-S5.
Junos OS 21.4: All versions prior to 21.4R3-S5.
Junos OS 22.1: All versions prior to 22.1R3-S4.
Junos OS 22.2: All versions prior to 22.2R3-S3.
Junos OS 22.3: All versions prior to 22.3R3-S2.
Junos OS 22.4: All versions prior to 22.4R2-S2, 22.4R3.
* See “Product Affected” in each post on the reference site to determine which products are vulnerable.
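The following Python check is an added example, not code from Juniper or from this advisory: it classifies a Junos release string against the fixed releases listed above. It assumes the device is an SRX or EX Series system and that release strings have the form NN.NRn[-Sn]; release trains missing from the list are reported as "unlisted" rather than guessed, and the function names and sample inventory are hypothetical.

```python
import re

# Fixed releases per release train, copied from the "Affected Products" list.
FIXED = {
    (20, 4): ["20.4R3-S9"],
    (21, 2): ["21.2R3-S7"],
    (21, 3): ["21.3R3-S5"],
    (21, 4): ["21.4R3-S5"],
    (22, 1): ["22.1R3-S4"],
    (22, 2): ["22.2R3-S3"],
    (22, 3): ["22.3R3-S2"],
    (22, 4): ["22.4R2-S2", "22.4R3"],
}
OLDEST_TRAIN = min(FIXED)  # any older train is "prior to 20.4R3-S9"

# Matches e.g. 21.4R3-S5 or 21.4R3-S5.4; a trailing build number is ignored.
# Other naming schemes (assumption: not needed here) raise ValueError.
_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_release(text):
    """Return ((major, minor), (R, S)) for a Junos release string."""
    m = _RELEASE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {text!r}")
    major, minor, r, s = m.groups()
    return (int(major), int(minor)), (int(r), int(s or 0))


def classify(release):
    """Return 'affected', 'fixed' or 'unlisted' for one release string."""
    train, level = parse_release(release)
    if train < OLDEST_TRAIN:
        return "affected"
    if train not in FIXED:
        return "unlisted"  # the list above says nothing about this train
    fixes = [parse_release(f)[1] for f in FIXED[train]]
    return "fixed" if any(level >= f for f in fixes) else "affected"


if __name__ == "__main__":
    # Constructed inventory for illustration (hostnames and releases made up).
    inventory = {"srx-edge-1": "21.4R3-S4.9", "ex-access-7": "22.4R2-S2",
                 "srx-lab-2": "19.4R3-S10", "srx-dc-3": "23.2R1"}
    for host, release in inventory.items():
        print(f"{host:12} {release:12} {classify(release)}")
```

Treat an "unlisted" result as a prompt to check the vendor advisory for that train, not as a statement that the release is safe.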
Resolved Vulnerabilities
An out-of-bounds write vulnerability exists in the J-Web interface of Juniper Networks Junos OS on SRX Series and EX Series. It is a pre-authentication remote code execution vulnerability that could allow a network-based attacker to cause a denial of service (DoS) and remote code execution (RCE), and possibly gain root privileges on the device. (CVE-2024-21591) [1]
Vulnerability Patches
Operators of Juniper equipment running vulnerable Juniper software should consult the “Solution” section on the reference site to apply the patch, or the “Workaround” section to apply the security settings.
Referenced Sites