Clipeus

Juniper Networks Firewall RCE



On 10 January 2024, Juniper Networks released a patch for a critical remote code execution (RCE) vulnerability - tracked as CVE-2024-21591 (CVSS 9.8) - impacting the J-Web configuration interface in Junos OS SRX Series and EX Series.


The vulnerability can be triggered without authentication and may allow an attacker to execute arbitrary code with root privileges and to carry out DDoS attacks against the vulnerable instance.


According to the Juniper Networks advisory, vulnerable versions include:


  • Junos OS versions earlier than 20.4R3-S9;

  • Junos OS 21.2 versions earlier than 21.2R3-S7;

  • Junos OS 21.3 versions earlier than 21.3R3-S5;

  • Junos OS 21.4 versions earlier than 21.4R3-S5;

  • Junos OS 22.1 versions earlier than 22.1R3-S4;

  • Junos OS 22.2 versions earlier than 22.2R3-S3;

  • Junos OS 22.3 versions earlier than 22.3R3-S2;

  • Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3
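As an added example (not code from Clipeus or Juniper), the sketch below checks Junos OS version strings from a device inventory against the list above. The function names and the sample inventory are constructed for illustration, and it assumes standard `NN.NRn[-Sn]` release strings; release trains that do not appear in the list are reported as unknown rather than guessed.

```python
import re

# Fixed release per train, copied from the advisory list above.
FIXED_BY_TRAIN = {
    (21, 2): (21, 2, 3, 7),  # 21.2R3-S7
    (21, 3): (21, 3, 3, 5),  # 21.3R3-S5
    (21, 4): (21, 4, 3, 5),  # 21.4R3-S5
    (22, 1): (22, 1, 3, 4),  # 22.1R3-S4
    (22, 2): (22, 2, 3, 3),  # 22.2R3-S3
    (22, 3): (22, 3, 3, 2),  # 22.3R3-S2
    (22, 4): (22, 4, 2, 2),  # 22.4R2-S2 (22.4R3 also compares as fixed)
}
OLDEST_FIXED = (20, 4, 3, 9)  # "versions earlier than 20.4R3-S9"

# Matches e.g. 21.2R3-S7, 22.4R3 or 20.4R3-S9.2 (a trailing build number is ignored).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos_version(version):
    """Return (major, minor, release, service_release) as integers."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unsupported Junos version format: {version!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0))


def is_affected(version):
    """True/False per the advisory list; None if the train is not listed."""
    v = parse_junos_version(version)
    train = v[:2]
    if train in FIXED_BY_TRAIN:
        return v < FIXED_BY_TRAIN[train]
    if train <= (20, 4):
        return v < OLDEST_FIXED
    return None  # e.g. 21.1 or trains newer than 22.4: check the vendor advisory


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are illustrative).
    inventory = {"srx-edge-01": "21.2R3-S6", "ex-access-07": "22.4R3",
                 "srx-lab-02": "19.4R3-S12", "srx-dc-03": "23.2R1"}
    labels = {True: "AFFECTED", False: "fixed", None: "not in list"}
    for host, ver in sorted(inventory.items()):
        print(f"{host:14} {ver:12} {labels[is_affected(ver)]}")
```

The result reflects the version list only; it does not check whether J-Web is enabled or reachable on the device.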


A cursory search for internet-facing web interfaces via Shodan reveals that the majority of these are located in the United States and South Korea. A considerable number of instances were also found in Canada, Japan and Germany. However, such a search cannot validate whether these instances are vulnerable.


Results Of Search For Juniper Web Interface Instances Via Shodan




If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you.
