National Cyber Warfare Foundation (NCWF) Forums


Juniper Networks released out-of-band updates to fix high-severity flaws


0 user ratings		2024-01-30 16:08:11
milo
Blue Team (CND)
 - archive -- 
Juniper Networks released out-of-band updates to fix high-severity flaws in SRX Series and EX Series that can allow attackers to take over unpatched systems. Juniper Networks has released out-of-band updates to address two high-severity flaws, tracked as CVE-2024-21619 and CVE-2024-21620, in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible […

Juniper Networks released out-of-band updates to fix high-severity flaws in SRX Series and EX Series that can allow attackers to take over unpatched systems.





Juniper Networks has released out-of-band updates to address two high-severity flaws, tracked as CVE-2024-21619 and CVE-2024-21620, in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems.





The flaw CVE-2024-21619 (CVSS score: 5.3) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can chain this issue with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series to access sensitive system information.





“When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder.” reads the advisory. “An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information.”





The flaw CVE-2024-21620 (CVSS score: 8.8) is an Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series. An attacker can trigger the flaw to craft a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.





The vendor also addressed two other vulnerabilities respectively tracked as CVE-2023-36846 and CVE-2023-36851:






  • CVE-2023-36846 (CVSS score: 5.3) – A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.




  • CVE-2023-36851 (CVSS score: 5.3) – A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. 





The vulnerability was reported by cybersecurity firm watchtowr. As a workaround the company recommends disabling J-Web, or limiting access to only trusted hosts





Follow me on Twitter: @securityaffairs and Facebook and Mastodon





Pierluigi Paganini





(SecurityAffairs – hacking, Juniper Networks)











Source: SecurityAffairs
Source Link: https://securityaffairs.com/158341/security/juniper-networks-flaws-srx-series-ex-series.html

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Blue Team (CND)


© Copyright 2012 through 2024 - National Cyber War Foundation - All rights reserved worldwide.