Critical RCE security bug affecting thousands of Juniper Networks devices – so patch now

Thousands of Juniper Networks devices were found vulnerable to a critical flaw which allows attackers to execute malicious code remotely, without the need for authentication.

The Register reported a vulnerability tracked as CVE-2024-21591. Described as an out-of-bounds write flaw, the vulnerability carries a severity score of 9.8/10, and allows hackers to obtain root privileges, cause denial of service, or run code remotely. 

It was discovered in Junos OS’ J-Web configuration interface.

Patches and workarounds

The publication also says, citing data from Censys, that more than 11,500 devices are vulnerable. The affected releases are:

Junos OS versions earlier than 20.4R3-S9 

Junos OS 21.2 versions earlier than 21.2R3-S7 

Junos OS 21.3 versions earlier than 21.3R3-S5 

Junos OS 21.4 versions earlier than 21.4R3-S5 

Junos OS 22.1 versions earlier than 22.1R3-S4 

Junos OS 22.2 versions earlier than 22.2R3-S3 

Junos OS 22.3 versions earlier than 22.3R3-S2 

Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3

The most exposed endpoint seems to be SRX110H2-VA, a firewall whose end of life was reached back in 2018. The majority of potential victims are located in South Korea, with some found in the US, Hong Kong, and

There is no evidence of the vulnerability being exploited in the wild, Juniper said, but now that the cat is out of the bag, it’s only a matter of time before hackers start scanning for vulnerable devices. Admins who can’t apply the patch for any reason should disable J-Web, or limit access to only trusted sources, Juniper added.

Applying the patch is the best way to remain secure from potential exploitation, but admins seem to be very slow. In late August last year, Juniper patched a similarly dangerous vulnerability (rated 9.8) but it turns out most endpoints are yet to be patched.
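For admins working through an inventory, the fixed-release list above translates into a simple version check. The following is an added example, not Juniper's or The Register's code: it parses Junos OS version strings and reports whether each falls below the first fixed release of its train, using only the thresholds quoted in this article (trains the article does not list, such as 23.x, are reported as "not listed" rather than guessed). The hostnames and versions in the sample run are constructed.

```python
import re

# First fixed release per release train, exactly as quoted in the article.
# 22.4 lists two fixes (22.4R2-S2 and 22.4R3); the lower one is the boundary.
FIRST_FIXED = {
    (20, 4): (20, 4, 3, 9),
    (21, 2): (21, 2, 3, 7),
    (21, 3): (21, 3, 3, 5),
    (21, 4): (21, 4, 3, 5),
    (22, 1): (22, 1, 3, 4),
    (22, 2): (22, 2, 3, 3),
    (22, 3): (22, 3, 3, 2),
    (22, 4): (22, 4, 2, 2),
}

# Junos version strings look like 21.2R3-S7 (train.R<release>-S<service>).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_junos_version(text):
    """Return (major, minor, release, service), or None if unparseable.
    A release without an -S suffix is treated as service level 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0))


def is_vulnerable(text):
    """True if the version is below the first fixed release of its train,
    False if at or above it, None if the string cannot be parsed or the
    train is not one the article lists (e.g. 23.x)."""
    v = parse_junos_version(text)
    if v is None:
        return None
    if v[:2] < (20, 4):
        return True  # "versions earlier than 20.4R3-S9" covers older trains
    threshold = FIRST_FIXED.get(v[:2])
    if threshold is None:
        return None
    return v < threshold


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for host, ver in [("srx-a", "20.4R3-S8"), ("srx-b", "22.4R2-S2"),
                      ("mx-c", "21.4R3"), ("ex-d", "23.2R1")]:
        status = {True: "VULNERABLE", False: "fixed", None: "not listed"}
        print(f"{host:6} {ver:12} {status[is_vulnerable(ver)]}")
```

Devices flagged VULNERABLE that cannot be upgraded immediately are the ones where Juniper's workaround (disabling J-Web or restricting it to trusted sources) should be applied first.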
