Juniper Resolves Critical RCE Issues in SRX and EX Devices

No featured articles available

Check back soon for the latest updates and featured content.

Juniper Networks has issued updates to address a critical remote code execution (RCE) vulnerability identified in its SRX Series firewalls and EX Series switches.

Discovered within the J-Web configuration interfaces of various devices and designated as CVE-2024-21591, this critical security vulnerability poses a CVSS score of 9.8.

Exploiting this flaw is possible for unauthenticated threat actors, enabling them to attain root privileges or execute denial-of-service (DoS) attacks on devices that have not been patched. The severity of this issue underscores the urgency of applying the necessary updates to safeguard against potential unauthorized access and service disruptions.

This issue is caused by an insecure function allowing an attacker to overwrite arbitrary memory," the company explained in a security advisory published Wednesday.

Juniper has stated that its Security Incident Response Team has not identified any evidence suggesting that the vulnerability is currently being exploited in real-world scenarios.

The complete list of vulnerable Junos OS versions affected by the SRX Series and EX Series J-Web bug includes:

Junos OS versions earlier than 20.4R3-S9

Junos OS 21.2 versions earlier than 21.2R3-S7

Junos OS 21.3 versions earlier than 21.3R3-S5

Junos OS 21.4 versions earlier than 21.4R3-S5

Junos OS 22.1 versions earlier than 22.1R3-S4

Junos OS 22.2 versions earlier than 22.2R3-S3

Junos OS 22.3 versions earlier than 22.3R3-S2

Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3

The bug has been addressed in Junos OS 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.

The company advises users to either disable J-Web or limit access exclusively to trusted hosts as interim measures until the permanent fixes are implemented.

Want your digital assets to be protected?

CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.

Google Ads Exploited in Cyberattack: Hackers Steal Login Details and 2FA Codes

Murdoc Botnet Exploits AVTECH Cameras and Huawei Routers

Authquake Attack Bypasses Microsoft MFA, Exposing Critical Security Vulnerabilities

Strategies for Mitigating Cyber Threats in 2025

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

Secure Boot Bypass Flaw Found in Palo Alto Firewalls

Volkswagen Faces Major Breach: Data of 800K EV Customers Leaked

Successful CISO – Is a Business Enabler the Need of the Hour?

Behind the Job Title: Information Security Consultant

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

No featured articles available

Juniper Resolves Critical RCE Issues in SRX and EX Devices

Juniper Networks has issued updates to address a critical remote code execution (RCE) vulnerability identified in its SRX Series firewalls and EX Series switches.

Share Your Story!

No featured articles available

Juniper Networks has issued updates to address a critical remote code execution (RCE) vulnerability identified in its SRX Series firewalls and EX Series switches.

Stay Updated with the Latest Cybersecurity News