{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-21591","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2023-12-27T19:38:25.704Z","datePublished":"2024-01-12T00:52:04.028Z","dateUpdated":"2024-10-25T20:23:00.384Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["SRX Series","EX Series"],"product":"Junos OS","vendor":"Juniper Networks","versions":[{"lessThan":"20.4R3-S9","status":"affected","version":"0","versionType":"semver"},{"lessThan":"21.2R3-S7","status":"affected","version":"21.2","versionType":"semver"},{"lessThan":"21.3R3-S5","status":"affected","version":"21.3","versionType":"semver"},{"lessThan":"21.4R3-S5","status":"affected","version":"21.4","versionType":"semver"},{"lessThan":"22.1R3-S4","status":"affected","version":"22.1","versionType":"semver"},{"lessThan":"22.2R3-S3","status":"affected","version":"22.2","versionType":"semver"},{"lessThan":"22.3R3-S2","status":"affected","version":"22.3","versionType":"semver"},{"lessThan":"22.4R2-S2, 22.4R3","status":"affected","version":"22.4","versionType":"semver"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>The following minimal configuration must be present on the device:</p><tt>[system services web-management http]</tt><p>or</p><tt>[system services web-management https]</tt>"}],"value":"The following minimal configuration must be present on the device:\n\n[system services web-management http]or\n\n[system services web-management https]"}],"credits":[{"lang":"en","type":"reporter","value":"The Juniper SIRT would like to would like to acknowledge and thank Marco Lux of Curesec for responsibly reporting this vulnerability"}],"datePublic":"2024-01-10T17:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<p>An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.</p><p>This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.</p><p>This issue affects Juniper Networks Junos OS SRX Series and EX Series:</p><p></p><ul><li>Junos OS versions earlier than 20.4R3-S9;</li><li>Junos OS 21.2 versions earlier than 21.2R3-S7;</li><li>Junos OS 21.3 versions earlier than 21.3R3-S5;</li><li>Junos OS 21.4 versions earlier than 21.4R3-S5;</li><li>Junos OS 22.1 versions earlier than 22.1R3-S4;</li><li>Junos OS 22.2 versions earlier than 22.2R3-S3;</li><li>Junos OS 22.3 versions earlier than 22.3R3-S2;</li><li>Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.</li></ul><p></p>\n\n"}],"value":"\nAn Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.\n\nThis issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.\n\nThis issue affects Juniper Networks Junos OS SRX Series and EX Series:\n\n\n\n  *  Junos OS versions earlier than 20.4R3-S9;\n  *  Junos OS 21.2 versions earlier than 21.2R3-S7;\n  *  Junos OS 21.3 versions earlier than 21.3R3-S5;\n  *  Junos OS 21.4 versions earlier than 21.4R3-S5;\n  *  Junos OS 22.1 versions earlier than 22.1R3-S4;\n  *  Junos OS 22.2 versions earlier than 22.2R3-S3;\n  *  Junos OS 22.3 versions earlier than 22.3R3-S2;\n  *  Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.\n\n\n\n\n\n\n"}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-787","description":"CWE-787 Out-of-bounds Write","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2024-02-09T23:35:58.570Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA75729"},{"tags":["technical-description"],"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"tags":["third-party-advisory"],"url":"https://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>The following software releases have been updated to resolve this specific issue: </p><p>Junos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.</p>"}],"value":"The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\n\n"}],"source":{"advisory":"JSA75729","defect":["1747984"],"discovery":"EXTERNAL"},"timeline":[{"lang":"en","time":"2024-01-10T17:00:00.000Z","value":"Initial Publication"},{"lang":"en","time":"2024-02-09T20:00:00.000Z","value":"Added third-party advisory reference link"}],"title":"Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Disable J-Web, or limit access to only trusted hosts.</p>"}],"value":"Disable J-Web, or limit access to only trusted hosts.\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-av217"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T22:27:34.836Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://supportportal.juniper.net/JSA75729"},{"tags":["technical-description","x_transferred"],"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"tags":["third-party-advisory","x_transferred"],"url":"https://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.html"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-25T20:22:34.376222Z","id":"CVE-2024-21591","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-25T20:23:00.384Z"}}]}}