Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-21591

Published: 12/01/2024 Updated: 10/02/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Junos

Vulnerability Summary

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based malicious user to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an malicious user to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

juniper junos 20.4

juniper junos 21.2

juniper junos 21.3

juniper junos 21.4

juniper junos 22.1

juniper junos 22.2

juniper junos 22.3

juniper junos

juniper junos 22.4

Recent Articles

Thousands of Juniper Networks devices vulnerable to critical RCE bug
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Yet more support for the argument to adopt memory-safe languages

More than 11,500 Juniper Networks devices are exposed to a new remote code execution (RCE) vulnerability, and infosec researchers are pressing admins to urgently apply the patches. It's somewhat of a repeat scenario for Juniper Networks, which only recently got done patching the last round of critical RCE bugs in Junos OS, which runs on SRX firewalls and EX switches. The latest vulnerability, tracked as CVE-2024-21591, impacts the software's J-Web configuration interface and carries a 9.8 CVSS s...

Read more...

References

CWE-787https://supportportal.juniper.net/JSA75729https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:Nhttps://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.htmlhttps://nvd.nist.govhttps://www.theregister.co.uk/2024/01/15/juniper_networks_rce_flaw/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook