Juniper Networks released out-of-band updates to fix high-severity flaws in SRX Series and EX Series that can allow attackers to take over unpatched systems.
Juniper Networks has released out-of-band updates to address two high-severity flaws, tracked as CVE-2024-21619 and CVE-2024-21620, in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems.
The flaw CVE-2024-21619 (CVSS score: 5.3) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can chain this issue with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series to access sensitive system information.
“When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder,” reads the advisory. “An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information.”
The flaw CVE-2024-21620 (CVSS score: 8.8) is an Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series. An attacker can craft a URL that, when visited by another user, allows the attacker to execute commands with that user’s permissions, including those of an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.
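The advisory text for CVE-2024-21619 describes the attacker guessing the name of a per-session configuration file under /cache. From a detection standpoint, the observable is one client requesting many distinct paths under /cache/, most of them missing. The following Python script is an added example written for this article, not code from Juniper or from the advisory: it parses a simplified, constructed log format (client, method, path, status) and flags clients that probe at least a threshold number of distinct /cache/ paths. The log format, the file names and the threshold are assumptions; adapt LOG_RE to whatever your device or reverse proxy actually exports.

```python
import re
from collections import defaultdict

# Constructed sample log lines in a simplified "client method path status" format.
# This is NOT the real J-Web/httpd log format on Junos, and the /cache file names
# are made up; adjust LOG_RE and the prefix to match your own logs.
SAMPLE_LOG = """\
198.51.100.7 GET /cache/jweb-cfg-000001 404
198.51.100.7 GET /cache/jweb-cfg-000002 404
198.51.100.7 GET /cache/jweb-cfg-000003 404
198.51.100.7 GET /cache/jweb-cfg-000004 404
198.51.100.7 GET /cache/jweb-cfg-000005 404
198.51.100.7 GET /cache/jweb-cfg-000006 200
192.0.2.20 GET /login 200
192.0.2.20 POST /login 302
192.0.2.20 GET /cache/jweb-cfg-48213 200
"""

LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")


def parse_lines(text):
    """Yield (ip, method, path, status) tuples, silently skipping malformed lines."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m["ip"], m["method"], m["path"], int(m["status"])


def detect_cache_enumeration(text, threshold=5, prefix="/cache/"):
    """Return {ip: {"attempts": n, "misses": m, "hits": h}} for every client that
    requested at least `threshold` distinct paths under `prefix`.

    The signal is breadth: a legitimate J-Web session touches only its own cache
    file, whereas a guessing client walks through many names and mostly gets 404.
    """
    per_ip = defaultdict(lambda: {"paths": set(), "misses": 0, "hits": 0})
    for ip, _method, path, status in parse_lines(text):
        if not path.startswith(prefix):
            continue
        rec = per_ip[ip]
        rec["paths"].add(path)
        if status == 404:
            rec["misses"] += 1
        elif status == 200:
            rec["hits"] += 1
    return {
        ip: {"attempts": len(rec["paths"]), "misses": rec["misses"], "hits": rec["hits"]}
        for ip, rec in per_ip.items()
        if len(rec["paths"]) >= threshold
    }


if __name__ == "__main__":
    for ip, stats in detect_cache_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {stats['attempts']} distinct {'/cache/'} paths, "
              f"{stats['misses']} misses, {stats['hits']} hits")
```

With the constructed sample, only 198.51.100.7 crosses the threshold (six distinct /cache/ paths, five misses, one hit); the second client's single cache fetch after a login is the normal pattern and is not reported. A hit following a run of misses from the same source is the case worth escalating, since it is consistent with a successful guess.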
The vendor also addressed two other vulnerabilities, tracked as CVE-2023-36846 and CVE-2023-36851:
- CVE-2023-36846 (CVSS score: 5.3) – A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
- CVE-2023-36851 (CVSS score: 5.3) – A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
The vulnerabilities were reported by cybersecurity firm watchTowr. As a workaround, the company recommends disabling J-Web or limiting access to only trusted hosts.
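The two workarounds named above, expressed as Junos configuration, as an added example for this article rather than configuration taken from the Juniper advisory. The first option removes the J-Web service entirely; the second keeps it but applies a loopback firewall filter so that only an assumed trusted management subnet (192.0.2.0/24, a documentation range) can reach the HTTP/HTTPS listener, while a final term keeps all other control-plane traffic unaffected. Filter and term names are placeholders.

```junos
## Option 1: disable J-Web entirely (preferred if it is not needed)
delete system services web-management
commit confirmed 5

## Option 2: keep J-Web, but restrict it to a trusted management subnet
## Assumed trusted range: 192.0.2.0/24 (placeholder, replace with your own)
set firewall family inet filter PROTECT-RE term allow-trusted-web from source-address 192.0.2.0/24
set firewall family inet filter PROTECT-RE term allow-trusted-web from protocol tcp
set firewall family inet filter PROTECT-RE term allow-trusted-web from destination-port [ http https ]
set firewall family inet filter PROTECT-RE term allow-trusted-web then accept

set firewall family inet filter PROTECT-RE term deny-other-web from protocol tcp
set firewall family inet filter PROTECT-RE term deny-other-web from destination-port [ http https ]
set firewall family inet filter PROTECT-RE term deny-other-web then syslog
set firewall family inet filter PROTECT-RE term deny-other-web then discard

## Do not cut off SSH, routing protocols or anything else bound for the RE
set firewall family inet filter PROTECT-RE term allow-rest then accept

set interfaces lo0 unit 0 family inet filter input PROTECT-RE
commit confirmed 5
```

Using `commit confirmed` gives an automatic rollback if the filter locks you out of the device, and the `syslog` action on the deny term produces a record of any untrusted source that still tries to reach J-Web, which is useful while the fixed release is being rolled out. If an existing lo0 input filter is already applied, merge these terms into it rather than replacing it.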
(SecurityAffairs – hacking, Juniper Networks)