Reference:
Advisory #2024-04
Version:
1.0
Affected software:
Junos OS 21.2 versions earlier than 21.2R3-S7;
Junos OS 21.3 versions earlier than 21.3R3-S5;
Junos OS 21.4 versions earlier than 21.4R3-S5;
Junos OS 22.1 versions earlier than 22.1R3-S4;
Junos OS 22.2 versions earlier than 22.2R3-S3;
Junos OS 22.3 versions earlier than 22.3R3-S2;
Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3;
Junos OS versions earlier than 20.4R3-S9.
Type:
Remote Code Execution (RCE)
CVE/CVSS:
CVE-2024-21591: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Juniper Security Bulletin - https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US
A vulnerability in the J-Web component of Junos OS SRX Series and EX Series allows an unauthenticated remote attacker to cause a Denial of Service (DoS) or Remote Code Execution (RCE) with root privileges on the device. This poses a significant threat to the Confidentiality, Integrity, and Availability (CIA) triad of information security. This vulnerability could lead to a complete device takeover. A compromised device could be used by attackers to pivot into your organization or exfiltrate sensitive data.
CVE-2024-21591 is an Out-of-bounds Write vulnerability in J-Web used in Junos OS SRX Series and EX Series. Successful exploitation of an insecure function allows an attacker to overwrite arbitrary memory. Exploitation can result in a Denial of Service (DoS) or Remote Code Execution (RCE) with root privileges on the device.
To be vulnerable, at least one of the following configurations needs to be used on the device:
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Update Junos OS to one of the following versions (or newer): 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1.
Alternatively, a workaround is possible by disabling J-Web or limiting access to trusted hosts.
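To triage an inventory against the affected and fixed releases listed above, the following added example (not part of the CCB advisory or Juniper's bulletin) classifies a Junos OS version string. The function names and the "unlisted" result are hypothetical, and it assumes releases within one train order by R number and then S number.

```python
import re

# Fixed releases, copied from the advisory's update list.
FIXED = ["20.4R3-S9", "21.2R3-S7", "21.3R3-S5", "21.4R3-S5", "22.1R3-S4",
         "22.2R3-S3", "22.3R3-S2", "22.4R2-S2", "22.4R3", "23.2R1-S1",
         "23.2R2", "23.4R1"]
# Release trains the advisory names as affected. Every release earlier
# than 20.4R3-S9 is affected as well, whatever its train.
AFFECTED_TRAINS = {(21, 2), (21, 3), (21, 4), (22, 1), (22, 2), (22, 3), (22, 4)}

# major.minor R<release> [-S<service release>] [.<build spin>]
_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Turn '21.4R3-S5.4' into the comparable tuple (21, 4, 3, 5)."""
    match = _RELEASE.match(version.strip())
    if match is None:
        # Release types other than R are not handled here.
        raise ValueError(f"unsupported Junos version string: {version!r}")
    return tuple(int(group or 0) for group in match.groups())


def first_fixed_by_train():
    """Map each train (major, minor) to its earliest fixed release."""
    table = {}
    for release in FIXED:
        v = parse(release)
        table[v[:2]] = min(v, table.get(v[:2], v))
    return table


def classify(version):
    """Return 'fixed', 'affected' or 'unlisted' for one version string."""
    v = parse(version)
    fixed = first_fixed_by_train().get(v[:2])
    newest = max(parse(release) for release in FIXED)
    # Assumption: "or newer" covers anything at or past the newest listed release.
    if (fixed is not None and v >= fixed) or v >= newest:
        return "fixed"
    if v < parse("20.4R3-S9") or v[:2] in AFFECTED_TRAINS:
        return "affected"
    return "unlisted"  # the advisory makes no statement; check the vendor bulletin


if __name__ == "__main__":
    for sample in ["19.4R3-S12", "21.2R3-S6", "21.4R3-S5.4", "22.4R2-S1", "23.2R1"]:  # constructed
        print(sample, classify(sample))
```

A result of "fixed" only reflects the installed release; it says nothing about whether J-Web is enabled or whether the device was compromised before the update.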
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
Mitre - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21591