Critical Juniper SRX Firewalls and EX Switches vulnerability: patch now
Does anyone run Juniper firewalls or switches in the home lab or production? Take note of the recent CVSS 9.8 vulnerability for Juniper SRX and EX products.
"Juniper Networks has issued an advisory about an out-of-bounds write issue in the J-Web feature of its Junos OS SRX and EX Series. This vulnerability enables a network-based attacker, without requiring authentication, to potentially cause a Denial-of-Service (DoS) or execute code remotely (RCE) on the device, gaining root access," stated the company.
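Because the flaw sits in J-Web, the practical question for anyone who cannot patch immediately is whether the web UI is reachable from untrusted networks at all. The following Junos CLI snippet is an added example, not part of the original post or of Juniper's advisory: it shows how to check whether J-Web is enabled, the weak configuration (J-Web listening on every interface) beside a hardened one that restricts it to a management subnet via a loopback filter, and the option of disabling it outright. The subnet 10.0.100.0/24 and the filter name MGMT-IN are constructed placeholders.

```junos
## 1. Check whether J-Web is enabled at all (empty output means it is not configured)
show configuration system services web-management

## 2. Weak configuration: J-Web on HTTP and HTTPS with no interface or source restriction,
##    so any network-reachable address on the device exposes the vulnerable service
set system services web-management http
set system services web-management https system-generated-certificate

## 3a. Hardened configuration: HTTPS only, bound to a single management interface,
##     plus a loopback input filter that admits TCP/443 only from a constructed admin subnet
delete system services web-management http
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0

set firewall family inet filter MGMT-IN term allow-jweb-admin from source-address 10.0.100.0/24
set firewall family inet filter MGMT-IN term allow-jweb-admin from protocol tcp
set firewall family inet filter MGMT-IN term allow-jweb-admin from destination-port https
set firewall family inet filter MGMT-IN term allow-jweb-admin then accept
set firewall family inet filter MGMT-IN term deny-jweb-other from protocol tcp
set firewall family inet filter MGMT-IN term deny-jweb-other from destination-port [ http https ]
set firewall family inet filter MGMT-IN term deny-jweb-other then discard
## Keep management reachable: accept everything else (SSH, routing, NTP) that existing policy allows
set firewall family inet filter MGMT-IN term allow-rest then accept
set interfaces lo0 unit 0 family inet filter input MGMT-IN

## 3b. Alternative when the web UI is not needed: remove J-Web entirely
delete system services web-management

## 4. Review before committing, then commit with a rollback timer in case the filter locks you out
show | compare
commit confirmed 5
commit
```

The loopback filter matters because traffic destined to the Routing Engine (where J-Web runs) passes through the lo0 input filter regardless of which physical interface it arrives on; restricting the web service to fxp0.0 alone does not help if fxp0 is itself reachable from untrusted hosts. `commit confirmed` automatically rolls back if the second `commit` is not issued within the timer, which is the usual safeguard when changing management filters remotely.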
It looks like Juniper has patched most if not all of the high-severity vulnerabilities:
Juniper has rolled out patches for a set of six critical vulnerabilities in Junos OS and Junos OS Evolved, rated high severity, that could result in denial of service (DoS). Five of these vulnerabilities are remotely exploitable without authentication.
Among these, two significant vulnerabilities, affecting both Junos OS and Junos OS Evolved, could destabilize devices and compromise the confidentiality and integrity of their operations.
The latest updates for Junos OS and Junos OS Evolved also resolve various medium-severity issues. These vulnerabilities could lead to several problems, including DoS conditions, unauthorized access bypass, system integrity and network connection impacts, system availability issues, leakage of credentials and configuration settings, DMA memory leaks, and improper MAC address forwarding.
Moreover, Juniper has patched a range of medium-severity vulnerabilities in third-party software components used in Junos OS and Junos OS Evolved. These include NTP vulnerabilities and problems with cryptographic algorithms.
Updates addressing these security flaws have been released for multiple versions of Junos OS and Junos OS Evolved, specifically versions 20.4, 21.1, 21.2, 21.3, 21.4, 22.1, 22.2, 22.3, 22.4, 23.1, 23.2, and 23.3.