CVE-2024-21591
Published: 12 January 2024
Summary
CVE-2024-21591 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Juniper Junos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 4.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
An Out-of-bounds Write vulnerability exists in the J-Web component of Juniper Networks Junos OS on SRX Series and EX Series devices. It stems from use of an insecure function that permits overwriting of arbitrary memory. The flaw affects all Junos OS releases prior to 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, and 22.4R2-S2/22.4R3, and carries a CVSS 3.1 score of 9.8.
An unauthenticated network-based attacker can send specially crafted requests to the J-Web interface to trigger the flaw. Successful exploitation can result in a denial of service or full remote code execution with root privileges on the affected device.
Juniper’s advisory JSA75729 and the listed fixed releases indicate that mitigation requires upgrading to one of the patched Junos OS versions. No other workarounds are described in the supplied references.
EPSS for the CVE reached a peak of 0.2504 after disclosure before receding to the current value of 0.1669, indicating a measurable increase in observed exploitation interest following public release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19239
Vulnerability details
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the…
more
device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Out-of-bounds write in J-Web enables unauthenticated remote exploitation of public-facing web application (T1190) for privilege escalation to root via RCE (T1068) or endpoint DoS via application exploitation (T1499.004).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.