Cyber security news for all


    Juniper Networks Releases Urgent Junos OS Updates for Critical Flaws

    Juniper Networks has hastily released updates to address critical vulnerabilities in SRX Series and EX Series, posing a potential risk of exploitation by malicious actors to seize control of vulnerable systems.

    The identified vulnerabilities, assigned CVE-2024-21619 and CVE-2024-21620, are inherent to the J-Web component, impacting all versions of Junos OS. Additionally, two previously disclosed shortcomings, CVE-2023-36846 and CVE-2023-36851, were acknowledged by the company in August 2023.

    CVE-2024-21619 (CVSS score: 5.3) – A vulnerability involving missing authentication, potentially leading to the exposure of sensitive configuration information.

    CVE-2024-21620 (CVSS score: 8.8) – A cross-site scripting (XSS) vulnerability with the potential to execute arbitrary commands within the target’s permissions through a specifically crafted request.

    The cybersecurity firm watchTowr Labs is credited with discovering and reporting these issues. The company has addressed both vulnerabilities in the following Junos OS versions:

    For CVE-2024-21619: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases.

    For CVE-2024-21620: 20.4R3-S10, 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, and all subsequent releases.

    As a temporary measure until the fixes are deployed, Juniper Networks recommends users disable J-Web or restrict access to only trusted hosts.

    Recent Articles

    Related Stories