CVE-2024-21620 is a cross-site scripting (XSS) vulnerability affecting Juniper Networks Junos OS J-Web in SRX and EX series. This vulnerability enables an attacker to construct a URL that, when visited by another user, allows the execution of commands with the permissions of the target, including an administrator. The severity of this vulnerability is high, with a CVSS score of 8.8. It is recommended to update Junos OS to versions that have addressed this issue. You can find more information about this vulnerability in the Juniper Network support portal.
Vulnerable versions to CVE-2024-21620
According to the information published by Juniper, the versions vulnerable to CVE-2024-21620 are as follows:
- All versions earlier than 20.4R3-S10
- Versions 21.2 prior to 21.2R3-S8
- Versions 21.4 prior to 21.4R3-S6
- Versions 22.1 prior to 22.1R3-S5
- Versions 22.2 prior to 22.2R3-S3
- Versions 22.3 prior to 22.3R3-S2
- Versions 22.4 prior to 22.4R3-S1
- Versions 23.2 prior to 23.2R2
- Versions 23.4 prior to 23.4R2
CVE-2024-21620 – Workaround
If you are unable to update Junos OS immediately, you can implement some temporary protective measures, such as:
1.Disable access to J-Web from untrusted or public networks.
2.Restrict J-Web access to authorized and trusted users only.
3.Utilize a VPN or secure tunnel for J-Web access.
4.Monitor network traffic and J-Web logs to detect potential attacks.
While these measures can mitigate the risk of exploiting this vulnerability, they do not eliminate it entirely. Therefore, I strongly recommend updating Junos OS as soon as possible.
Update Junos OS
Junos® OS Software Installation and Upgrade Guide: This is a comprehensive Juniper Networks guide that provides relevant information for updating Junos OS and related software. It covers aspects such as software packages, upgrading and downgrading Junos OS versions, backup and system recovery procedures, firmware installation and updates, storage media, and unattended provisioning.
Other vulnerability related – CVE-2024-21619
| CVE | CVSS | Summary |
|---|---|---|
| CVE-2024-21619 | 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) | A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. |
Vulnerable versions to CVE-2024-21619
CVE-2024-21619 is an authentication bypass vulnerability for a critical function combined with an error message generation flaw containing sensitive information in Juniper Networks Junos OS J-Web on SRX and EX series. This vulnerability allows an unauthenticated, network-based attacker to access sensitive system information.
According to the information provided by Juniper, the versions vulnerable to CVE-2024-21619 are as follows:
- All versions earlier than 20.4R3-S9
- Versions 21.2 prior to 21.2R3-S7
- Versions 21.3 prior to 21.3R3-S5
- Versions 21.4 prior to 21.4R3-S6
- Versions 22.1 prior to 22.1R3-S5
- Versions 22.2 prior to 22.2R3-S3
- Versions 22.3 prior to 22.3R3-S2
- Versions 22.4 prior to 22.4R3
- Versions 23.2 prior to 23.2R1-S2, 23.2R22
