January 15, 2024 at 02:43PM
Over 11,500 Juniper Networks devices are exposed to a new remote code execution (RCE) flaw, and administrators are urged to patch promptly. Juniper has been hit by critical RCE bugs before; the latest, CVE-2024-21591, affects the J-Web interface, and the number and geographic distribution of exposed devices have been confirmed. Given the flaw's threat potential and HPE's planned acquisition of Juniper, administrators are advised to apply the patches without delay.
From the meeting notes, the main takeaways are as follows:
1. More than 11,500 Juniper Networks devices are exposed to a new remote code execution (RCE) vulnerability; the affected devices are primarily SRX firewalls and EX switches running Junos OS.
2. The latest vulnerability, tracked as CVE-2024-21591, affects the J-Web configuration interface and carries a CVSS severity score of 9.8, comparable to a previous flaw that was not widely patched.
3. Censys data confirmed the high number of exposed devices, with the SRX110H2-VA firewall being the most exposed despite reaching end of life in 2018.
4. South Korea had the highest number of exposed J-Web interfaces, followed by the US, Hong Kong, and China.
5. The vulnerability is an out-of-bounds write that an unauthenticated attacker can exploit to obtain root privileges, cause a denial of service, or achieve remote code execution.
6. Juniper Networks has identified vulnerable Junos OS versions that require immediate patching and has provided suggested workarounds for those unable to apply patches quickly.
7. The US Cybersecurity and Infrastructure Security Agency (CISA) issued a directive emphasizing the risks of exposing management interfaces to the public internet, requiring federal agencies either to protect such interfaces or to remove them from public exposure.
8. In other news, HPE announced its intent to acquire Juniper Networks in a deal potentially valued at around $14 billion, signaling a significant expansion in HPE’s networking segment business.
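Items 6 and 7 both come down to the same control: a device management interface such as J-Web should never be reachable from the public internet. The page does not reproduce Juniper's workaround text, so the following Junos configuration is an added, constructed illustration (not Juniper's published workaround and not taken from the original page) of the weak setting beside a hardened one. The trusted management prefix 192.0.2.0/24, the filter name PROTECT-RE and the use of fxp0 as the dedicated management port are assumptions for the example.

```junos
## WEAK (constructed example): J-Web listens on every routable interface and
## accepts connections from any source, so the interface is exposed wherever
## the device has a public address.
system {
    services {
        web-management {
            http;
            https {
                system-generated-certificate;
            }
        }
    }
}

## HARDENED (constructed example): three layers, any one of which reduces exposure.
## 1. Bind J-Web only to the out-of-band management port (fxp0 is an assumption)
##    and drop plaintext HTTP entirely.
system {
    services {
        web-management {
            https {
                system-generated-certificate;
                interface fxp0.0;
            }
        }
    }
}

## 2. Protect the routing engine with a loopback filter so that TCP/80 and
##    TCP/443 are accepted only from the trusted management prefix (assumed
##    192.0.2.0/24) and discarded from everywhere else. The final term keeps
##    all other control-plane traffic (routing protocols, SSH from wherever
##    your policy allows) unaffected by this example.
firewall {
    family inet {
        filter PROTECT-RE {
            term allow-mgmt-web {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                    protocol tcp;
                    destination-port [ 80 443 ];
                }
                then accept;
            }
            term deny-web-elsewhere {
                from {
                    protocol tcp;
                    destination-port [ 80 443 ];
                }
                then {
                    discard;
                }
            }
            term allow-rest {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE;
                }
            }
        }
    }
}

## 3. Where J-Web is not needed at all, remove it until the patched release is
##    installed (operational set-style command, run in configuration mode):
##    delete system services web-management
##    commit
```

The loopback filter is the piece worth keeping even after patching: a filter on lo0 applies to all traffic destined for the routing engine regardless of which interface it arrives on, so it closes the exposure that Censys-style scans find, and it narrows the attack surface for the next J-Web bug as well. Verify the result from outside the trusted prefix (for example, with a TCP connect attempt to port 443 from a host that should be blocked) before relying on it.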
These are the key points from the meeting notes regarding the Juniper Networks vulnerability, its implications for administrators, and the pending business development involving HPE and Juniper Networks.