Juniper warns of critical RCE bug in its firewalls and switches

January 12, 2024 at 12:40PM

Juniper Networks has addressed a critical pre-auth remote code execution vulnerability affecting SRX Series firewalls and EX Series switches, tracked as CVE-2024-21591. Vulnerable Junos OS versions are listed, and admins are urged to apply security updates or disable the J-Web interface. CISA also warned of a previous exploit on Juniper devices.

The key takeaways from the article are as follows:

1. Juniper Networks has released security updates to address a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The vulnerability, tracked as CVE-2024-21591, can allow unauthenticated threat actors to gain root privileges or launch denial-of-service (DoS) attacks.

2. The vulnerability exists in the J-Web configuration interfaces of the affected devices and is caused by the use of an insecure function allowing an attacker to overwrite arbitrary memory.

3. Juniper has provided a list of the Junos OS versions affected by the SRX Series and EX Series J-Web bug, along with the corresponding versions in which the bug has been addressed.

4. Admins are advised to immediately apply the security updates or upgrade Junos OS to the latest release, or at least disable the J-Web interface to remove the attack vector. Another temporary workaround is to restrict J-Web access to only trusted network hosts until patches are deployed.

5. More than 8,200 Juniper devices with Internet-exposed J-Web interfaces have been identified, with a significant number located in South Korea. This information is based on data from Shadowserver and Shodan.

6. Additional information is provided regarding previous security alerts related to Juniper vulnerabilities, including warnings from CISA and details about exploited vulnerabilities.

7. The U.S. cybersecurity agency issued a directive requiring federal agencies to secure their Internet-exposed or misconfigured networking equipment, such as Juniper firewalls and switches, within a specific timeframe following the discovery of vulnerabilities.
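
To act on takeaway 4, it helps to know which devices still have J-Web enabled. The script below is an added example, not code from Juniper or the original article: it audits a saved `show configuration | display set` export for active `system services web-management` statements. The sample configuration is constructed, and treating a missing `interface` statement as "not limited to specific interfaces" is an assumption to confirm against your platform's defaults.

```python
# Audit set-format Junos configuration for an enabled J-Web interface.
# Added example; the sample configuration below is constructed, not from a real device.

JWEB_PATH = ("system", "services", "web-management")

SAMPLE_CONFIG = """\
set system host-name edge-fw1
set system services ssh
set system services web-management http interface ge-0/0/0.0
set system services web-management https system-generated-certificate
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
"""


def audit_jweb(config_text):
    """Return one finding per active J-Web protocol (http/https)."""
    bound = {}        # protocol -> interfaces named in "interface" statements
    inactive = set()  # statement paths switched off with "deactivate"
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:1] == ["deactivate"]:
            inactive.add(tuple(words[1:]))
        elif (words[:1] == ["set"] and tuple(words[1:4]) == JWEB_PATH
              and len(words) > 4 and words[4] in ("http", "https")):
            ifaces = bound.setdefault(words[4], set())
            if words[5:6] == ["interface"] and len(words) > 6:
                ifaces.add(words[6])

    findings = []
    for proto, ifaces in sorted(bound.items()):
        path = JWEB_PATH + (proto,)
        # A deactivated parent (e.g. "system services") disables everything under it.
        if any(path[:n] in inactive for n in range(1, len(path) + 1)):
            continue
        findings.append({
            "protocol": proto,
            "interfaces": sorted(ifaces),
            # Assumption: no "interface" statement means no interface restriction.
            "unrestricted": not ifaces,
        })
    return findings


if __name__ == "__main__":
    for f in audit_jweb(SAMPLE_CONFIG):
        scope = "no interface restriction" if f["unrestricted"] else ", ".join(f["interfaces"])
        print(f"J-Web enabled over {f['protocol']}: {scope}")
```

An empty result means no active J-Web statement was found in the export; it does not show whether the device runs a fixed Junos OS release.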
