cbcvebase.
CVE-2024-21591
published 2024-01-12

CVE-2024-21591: An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

Affected

21 ranges
VendorProductVersion rangeFixed in
juniperex_series
juniperj-web
juniperjunos< 20.420.4
juniperjunos
juniperjunos
juniperjunos
juniperjunos
juniperjunos
juniperjunos
juniperjunos
juniperjunos
juniperjunos_os
junipersrx_series
juniper_networksjunos_os< 20.4R3-S920.4R3-S9
juniper_networksjunos_os>= 21.2 < 21.2R3-S721.2R3-S7
juniper_networksjunos_os>= 21.3 < 21.3R3-S521.3R3-S5
juniper_networksjunos_os>= 21.4 < 21.4R3-S521.4R3-S5
juniper_networksjunos_os>= 22.1 < 22.1R3-S422.1R3-S4
juniper_networksjunos_os>= 22.2 < 22.2R3-S322.2R3-S3
juniper_networksjunos_os>= 22.3 < 22.3R3-S222.3R3-S2
juniper_networksjunos_os>= 22.4 < 22.4R2-S2, 22.4R322.4R2-S2, 22.4R3