CVE-2024-21591 Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution

🗓️ 12 Jan 2024 00:52:04Reported by juniperType

Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows unauthenticated network-based attacker to cause DoS or RCE

Reporter	Title	Published	Views	Family All 15
BDU FSTEC	The vulnerability of the J-Web interface on Juniper Networks Junos OS-based operating systems in SRX and EX devices allows a hacker to execute arbitrary code.	15 Jan 202400:00	–	bdu_fstec
Circl	CVE-2024-21591	12 Jan 202402:26	–	circl
CNNVD	Juniper Networks Junos OS Buffer Error Vulnerability	12 Jan 202400:00	–	cnnvd
CVE	CVE-2024-21591	12 Jan 202400:52	–	cve
hivepro	Juniper’s Critical RCE Vulnerability Shakes Network Security	17 Jan 202412:05	–	hivepro
Tenable Nessus	Juniper Junos OS Vulnerability (JSA75729)	28 Apr 202600:00	–	nessus
NCSC	Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved	12 Jan 202400:00	–	ncsc
NVD	CVE-2024-21591	12 Jan 202401:15	–	nvd
OSV	CVE-2024-21591	12 Jan 202401:15	–	osv
Prion	Cross site scripting	12 Jan 202401:15	–	prion

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "SRX Series",
      "EX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S9",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S7",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S5",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S4",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S3",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S2",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S2, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
first	www.first.org/cvss/calculator/4.0
curesec	www.curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.html
supportportal	www.supportportal.juniper.net/JSA75729

09 Feb 2024 23:35Current

9.8High risk

Vulners AI Score9.8

CVSS 3.19.8

EPSS0.1753

CWE-787