Over 11K Juniper Networks devices are vulnerable to takeover

New data from Censys shows that more than 11,000 Juniper Networks devices are exposed to a new remote code execution (RCE) vulnerability.

Tracked as CVE-2024-21591, the issue is an out-of-bounds write in the J-Web configuration interface across all versions of Junos OS on SRX firewalls and EX switches. An unauthenticated remote attacker can exploit it to cause a denial of service (DoS) or achieve remote code execution (RCE) and obtain root privileges on the device.

The flaw affects the following versions: Junos OS versions earlier than 20.4R3-S9; Junos OS 21.2 versions earlier than 21.2R3-S7; Junos OS 21.3 versions earlier than 21.3R3-S5; Junos OS 21.4 versions earlier than 21.4R3-S5; Junos OS 22.1 versions earlier than 22.1R3-S4; Junos OS 22.2 versions earlier than 22.2R3-S3; Junos OS 22.3 versions earlier than 22.3R3-S2; Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

The vendor has fixed the vulnerability in Junos OS versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.
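For teams triaging an inventory, the fixed-release list above can be turned into a per-train check. The following is an added example, not code from Juniper or Censys; the version-string format, the status labels and the sample inventory are assumptions, and it does not look at whether J-Web is enabled on a device.

```python
import re

# First fixed release per train, from the fixed-version list above:
# (major, minor) -> (R number, S number); S is 0 when there is no -S suffix.
FIRST_FIXED = {
    (20, 4): (3, 9), (21, 2): (3, 7), (21, 3): (3, 5), (21, 4): (3, 5),
    (22, 1): (3, 4), (22, 2): (3, 3), (22, 3): (3, 2), (22, 4): (2, 2),
    (23, 2): (1, 1), (23, 4): (1, 0),
}
# Assumed string format: <major>.<minor>R<release>[-S<service>][.<build>]
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Return ((major, minor), (release, service)) or None if not an R release."""
    m = _VERSION.match(version.strip())
    if m is None:
        return None
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0))

def status(version):
    """Classify one version string against the fixed-release list."""
    parsed = parse(version)
    if parsed is None:
        return "unparsed"        # e.g. X-train or Evolved strings: check by hand
    train, release = parsed
    if train < min(FIRST_FIXED):
        return "needs-upgrade"   # "versions earlier than 20.4R3-S9"
    if train > max(FIRST_FIXED):
        return "fixed"           # "all subsequent releases"
    if train not in FIRST_FIXED:
        return "unlisted"        # train between 20.4 and 23.4 the article omits
    return "fixed" if release >= FIRST_FIXED[train] else "needs-upgrade"

def audit(inventory):
    """Group hostnames by status; J-Web enablement is not considered here."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(status(version), []).append(host)
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"srx-edge-1": "20.4R3-S8", "srx-edge-2": "22.4R3",
          "ex-core-1": "21.2R3-S7.4", "ex-lab-1": "21.1R3-S5",
          "srx-old-1": "12.3X48-D105"}

if __name__ == "__main__":
    for state, hosts in sorted(audit(SAMPLE).items()):
        print(state, ", ".join(hosts))
```

Devices reported as "unlisted" or "unparsed" run a release the article does not cover and need to be checked against the vendor advisory directly.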

Censys said it observed over 11,500 J-Web interfaces exposed on the internet, mainly in Asia, with notable exposure in South Korea and Hong Kong.

In other news, cybersecurity firm Bishop Fox warned that there are more than 178,000 SonicWall firewalls online that are vulnerable to at least one of the two security flaws (CVE-2022-22274 and CVE-2023-0656) that could be exploited to perform a denial-of-service (DoS) attack and achieve remote code execution (RCE).
