Cyber Resilience

CVE-2024-21591

CriticalPublic PoC

Published: 12 January 2024

Published
12 January 2024
Modified
05 May 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1669 95.1th percentile
Risk Priority 30 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-21591 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Juniper Junos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 4.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

An Out-of-bounds Write vulnerability exists in the J-Web component of Juniper Networks Junos OS on SRX Series and EX Series devices. It stems from use of an insecure function that permits overwriting of arbitrary memory. The flaw affects all Junos OS releases prior to 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, and 22.4R2-S2/22.4R3, and carries a CVSS 3.1 score of 9.8.

An unauthenticated network-based attacker can send specially crafted requests to the J-Web interface to trigger the flaw. Successful exploitation can result in a denial of service or full remote code execution with root privileges on the affected device.

Juniper’s advisory JSA75729 and the listed fixed releases indicate that mitigation requires upgrading to one of the patched Junos OS versions. No other workarounds are described in the supplied references.

EPSS for the CVE reached a peak of 0.2504 after disclosure before receding to the current value of 0.1669, indicating a measurable increase in observed exploitation interest following public release.

EU & UK References

Vulnerability details

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the…

more

device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Out-of-bounds write in J-Web enables unauthenticated remote exploitation of public-facing web application (T1190) for privilege escalation to root via RCE (T1068) or endpoint DoS via application exploitation (T1499.004).

Affected Assets

juniper
junos
20.4, 21.2, 21.3, 21.4, 22.1 · ≤ 20.4

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References