4 Junos OS Vulnerabilities Fixed, Update Now

Juniper Networks' Junos OS Vulnerabilities Revealed
Juniper has released fixes for 4 vulnerabilities in its Junos OS network operating system

In its latest security bulletin, Juniper Networks announced fixes for several vulnerabilities in Junos OS. Among them is a high-severity flaw with a CVSS score of 8.8. Not every patched release was available when the bulletin went out, though: the two older flaws were already fixed in earlier releases, while most of the fixes for the two new ones were still pending publication.

Junos OS Vulnerabilities Allow for Data Leaks and XSS

The most recent “out-of-cycle” bulletin from Juniper Networks covers 4 vulnerabilities in J-Web, the web management interface of Junos OS, on SRX Series firewalls and EX Series switches. Successful attacks can leak configuration data, upload or download arbitrary files, and even perform cross-site scripting. The latter, CVE-2024-21620, is rated high severity with a CVSS score of 8.8. According to the advisory, an attacker who gets a target user to open a specially crafted URL can execute commands with that user's privileges, up to administrator level.

Vulnerability CVSS Score Description
CVE-2024-21620 8.8 XSS in J-Web via a specially crafted URL; commands run with the victim's privileges
CVE-2024-21619 5.3 Device configuration leak after a user logs in to J-Web
CVE-2023-36851 5.3 Arbitrary file download/upload through a specific unauthenticated request
CVE-2023-36846 5.3 Arbitrary file upload through a specific unauthenticated request

The other flaws are not something you can ignore either. Although all 3 carry a severity score of only 5.3, they give an attacker a limited but real impact on the environment. CVE-2024-21619 lets an attacker read the device configuration, as visible to the user who has just logged in to J-Web.

CVE-2023-36846 and CVE-2023-36851 are similar to each other: successful exploitation allows arbitrary files to be uploaded (and, for the latter, downloaded). Although they give only limited control over the file system, both are easy to exploit because they require no authentication at all. That makes them a convenient first link in an exploit chain with other vulnerabilities, a common way for attackers to escalate from a limited foothold.

Juniper Networks Fixes J-Web Vulnerabilities

Fortunately for Junos OS users, fixes exist for all the vulnerabilities on the list. The latest releases address only the CVE-2024 vulnerabilities; the two from last year, CVE-2023-36846 and CVE-2023-36851, were fixed in earlier releases. The table below lists the Junos OS versions that contain each fix.

Vulnerability Fixed Junos OS versions
CVE-2024-21620 20.4R3-S10, 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2
CVE-2024-21619 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1
CVE-2023-36851 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S2, 23.2R2
CVE-2023-36846 21.1R1, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3

When the bulletin was published, not all of the listed patches were available. Of the releases that fix the CVE-2024 vulnerabilities, only one, 20.4R3-S9 (which patches CVE-2024-21619), had actually shipped. The rest were still pending, which is to be expected given the number of release trains that need to be covered.
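Deciding whether a given device is affected means comparing its running release against the right train in the table above, and Junos version strings (major.minor, Rx release, optional -Sy service release, optional build number) do not compare correctly as plain strings. The script below is an added example, not code from Juniper or from this page: it parses the version as printed by `show version` (for example 22.4R3.25), finds the first fixed release on the same train, and returns a verdict per CVE. The fixed-release lists are copied from the table above. How it treats trains missing from the table (older than the first listed train counted as vulnerable, newer than the last counted as fixed, gaps reported as unknown) is an assumption based on the vendor's usual "all versions earlier than" wording, not something the page states.

```python
"""Triage a Junos OS version against the fixed-release table above."""
import re
from typing import Dict, List, NamedTuple, Tuple


class JunosVersion(NamedTuple):
    """Comparable form of a Junos release string such as 21.4R3-S6.5."""
    major: int
    minor: int
    release: int   # the Rx number
    service: int   # the -Sy number, 0 when absent

    @property
    def train(self) -> Tuple[int, int]:
        return (self.major, self.minor)


# major.minor, Rx, optional -Sy, optional .build, optional -EVO (Junos OS Evolved)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(?:-EVO)?$")


def parse_version(text: str) -> JunosVersion:
    """Parse '22.4R3-S1.3' style strings; the build number is irrelevant to the fix status."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {text!r}")
    major, minor, rel, svc = m.groups()
    return JunosVersion(int(major), int(minor), int(rel), int(svc) if svc else 0)


# Fixed releases per CVE, copied from the table on this page.
FIXED_RELEASES: Dict[str, List[str]] = {
    "CVE-2024-21620": ["20.4R3-S10", "21.2R3-S8", "21.4R3-S6", "22.1R3-S5", "22.2R3-S3",
                       "22.3R3-S2", "22.4R3-S1", "23.2R2", "23.4R2"],
    "CVE-2024-21619": ["20.4R3-S9", "21.2R3-S7", "21.3R3-S5", "21.4R3-S6", "22.1R3-S5",
                       "22.2R3-S3", "22.3R3-S2", "22.4R3", "23.2R1-S2", "23.2R2", "23.4R1"],
    "CVE-2023-36851": ["21.2R3-S8", "21.4R3-S6", "22.1R3-S5", "22.2R3-S3", "22.3R3-S2",
                       "22.4R2-S2", "22.4R3", "23.2R1-S2", "23.2R2"],
    "CVE-2023-36846": ["21.1R1", "21.2R3-S6", "21.3R3-S5", "21.4R3-S5", "22.1R3-S3",
                       "22.2R3-S2", "22.3R2-S2", "22.3R3", "22.4R2-S1", "22.4R3"],
}


def assess(version_text: str, cve: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one device version and one CVE.

    Assumptions (not stated on the page): trains older than the oldest listed one are
    affected, trains newer than the newest listed one already carry the fix, and a train
    that sits between listed trains but is absent must be checked against the advisory.
    """
    device = parse_version(version_text)
    fixed = sorted(parse_version(v) for v in FIXED_RELEASES[cve])
    trains = [v.train for v in fixed]
    if device.train < trains[0]:
        return "vulnerable"
    if device.train > trains[-1]:
        return "fixed"
    on_train = [v for v in fixed if v.train == device.train]
    if not on_train:
        return "unknown"
    # Tuple ordering is (major, minor, Rx, Sy), which matches how Junos numbers releases,
    # so 22.4R3 (Sy = 0) correctly sorts below the 22.4R3-S1 needed for CVE-2024-21620.
    return "fixed" if device >= on_train[0] else "vulnerable"


def triage(version_text: str) -> Dict[str, str]:
    """Assess one device version against every CVE in the table."""
    return {cve: assess(version_text, cve) for cve in FIXED_RELEASES}


if __name__ == "__main__":
    # Constructed sample: the 'Junos:' line as printed by `show version` on an SRX.
    sample_show_version = "Junos: 22.4R3.25"
    running = sample_show_version.split(":", 1)[1]
    for cve, verdict in triage(running).items():
        print(f"{cve}: {verdict}")
```

Running the sample shows why the string comparison matters: 22.4R3.25 is fixed for the three medium-severity flaws but still vulnerable to CVE-2024-21620, because that fix first appears in 22.4R3-S1.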

Aside from the patches, Juniper also offers workarounds: disable the J-Web interface entirely, or at least restrict access to it to trusted hosts and networks. Since J-Web is the attack surface for all four flaws, disabling it removes the exposure outright, while restricting it only narrows who can reach it. As is usual with workarounds, this helps, but it is limiting and inconvenient.


By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.
