Security Advisory

Juniper Networks Junos OS Product Security Update Advisory (CVE-2024-21619, CVE-2024-21620)

  • Jan 25 2024

Overview

An update is available to fix vulnerabilities in Junos OS from Juniper Networks (https://supportportal.juniper.net/). Users of affected versions are advised to update to the latest version.

 

Affected Products

CVE-2024-21619

  • 20.all versions prior to 4R3-S9
  • 21.all versions prior to 21.2R3-S7 of version 2
  • 21.all versions before 21.3R3-S5 in version 3
  • 21.any version of 4 before 21.4R3-S6
  • 22.any version before 22.1R3-S5 in version 1
  • 22.any version before 22.2R3-S3 in 2 versions
  • 22.any version before 22.3R3-S2 in version 3
  • 22.any version before 22.4R3 in version 4
  • 23.all versions before 23.2R1-S2, 23.2R2 in 2 versions

CVE-2024-21620

  • 20.all versions before 4R3-S10
  • 21.any version before 21.2R3-S8 in 2 versions
  • 21.all versions before 21.4R3-S6 in 4 versions
  • 22.all versions before 22.1R3-S5 in version 1
  • 22.any version before 22.2R3-S3 in 2 versions
  • 22.any version before 22.3R3-S2 in version 3
  • 22.any version before 22.4R3-S1 in version 4
  • 23.any version before 23.2R2 in 2 versions
  • 23.any version of 4 before 23.4R2

 

Resolved Vulnerabilities

CVE-2024-21619

  • An omission of disclosure vulnerability in the Junos OS that could result in the disclosure of sensitive configuration information

 

CVE-2024-21620

  • Cross-site scripting (XSS) vulnerability in the Junos OS that could allow arbitrary commands with attacker privileges to be executed via a specially crafted request

 

Vulnerability Patches

Vulnerability patches were made available in the January 25, 2024 update. Users of all versions of FFmpeg below n6.1 are advised to update to the latest vulnerability patches

CVE-2024-21619

  • 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1 and all subsequent releases

 

CVE-2024-21620

  • 20.4R3-S10, 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2 and all subsequent releases

 

Referenced Sites

[1] CVE-2024-21619 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-21619
[2] CVE-2024-21620 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-21620
[3] 2024-01 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web have been addressed
https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US

Tags:

Previous Post

Next Post