CVE-2024-21591

Exploit

EPSS 23.48%
Veröffentlicht 12.01.2024 01:15:46
Zuletzt bearbeitet 05.05.2025 14:11:31
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.

This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.

This issue affects Juniper Networks Junos OS SRX Series and EX Series:



  *  Junos OS versions earlier than 20.4R3-S9;
  *  Junos OS 21.2 versions earlier than 21.2R3-S7;
  *  Junos OS 21.3 versions earlier than 21.3R3-S5;
  *  Junos OS 21.4 versions earlier than 21.4R3-S5;
  *  Junos OS 22.1 versions earlier than 22.1R3-S4;
  *  Junos OS 22.2 versions earlier than 22.2R3-S3;
  *  Junos OS 22.3 versions earlier than 22.3R3-S2;
  *  Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Version < 20.4

Juniper ≫ Junos Version20.4 Update-

Juniper ≫ Junos Version20.4 Updater1

Juniper ≫ Junos Version20.4 Updater1-s1

Juniper ≫ Junos Version20.4 Updater2

Juniper ≫ Junos Version20.4 Updater2-s1

Juniper ≫ Junos Version20.4 Updater2-s2

Juniper ≫ Junos Version20.4 Updater3

Juniper ≫ Junos Version20.4 Updater3-s1

Juniper ≫ Junos Version20.4 Updater3-s2

Juniper ≫ Junos Version20.4 Updater3-s3

Juniper ≫ Junos Version20.4 Updater3-s4

Juniper ≫ Junos Version20.4 Updater3-s5

Juniper ≫ Junos Version20.4 Updater3-s6

Juniper ≫ Junos Version20.4 Updater3-s7

Juniper ≫ Junos Version20.4 Updater3-s8

Juniper ≫ Junos Version21.2 Update-

Juniper ≫ Junos Version21.2 Updater1

Juniper ≫ Junos Version21.2 Updater1-s1

Juniper ≫ Junos Version21.2 Updater1-s2

Juniper ≫ Junos Version21.2 Updater2

Juniper ≫ Junos Version21.2 Updater2-s1

Juniper ≫ Junos Version21.2 Updater2-s2

Juniper ≫ Junos Version21.2 Updater3

Juniper ≫ Junos Version21.2 Updater3-s1

Juniper ≫ Junos Version21.2 Updater3-s2

Juniper ≫ Junos Version21.2 Updater3-s3

Juniper ≫ Junos Version21.2 Updater3-s4

Juniper ≫ Junos Version21.2 Updater3-s5

Juniper ≫ Junos Version21.2 Updater3-s6

Juniper ≫ Junos Version21.3 Update-

Juniper ≫ Junos Version21.3 Updater1

Juniper ≫ Junos Version21.3 Updater1-s1

Juniper ≫ Junos Version21.3 Updater1-s2

Juniper ≫ Junos Version21.3 Updater2

Juniper ≫ Junos Version21.3 Updater2-s1

Juniper ≫ Junos Version21.3 Updater2-s2

Juniper ≫ Junos Version21.3 Updater3

Juniper ≫ Junos Version21.3 Updater3-s1

Juniper ≫ Junos Version21.3 Updater3-s2

Juniper ≫ Junos Version21.3 Updater3-s3

Juniper ≫ Junos Version21.3 Updater3-s4

Juniper ≫ Junos Version21.4 Update-

Juniper ≫ Junos Version21.4 Updater1

Juniper ≫ Junos Version21.4 Updater1-s1

Juniper ≫ Junos Version21.4 Updater1-s2

Juniper ≫ Junos Version21.4 Updater2

Juniper ≫ Junos Version21.4 Updater2-s1

Juniper ≫ Junos Version21.4 Updater2-s2

Juniper ≫ Junos Version21.4 Updater3

Juniper ≫ Junos Version21.4 Updater3-s1

Juniper ≫ Junos Version21.4 Updater3-s2

Juniper ≫ Junos Version21.4 Updater3-s3

Juniper ≫ Junos Version21.4 Updater3-s4

Juniper ≫ Junos Version22.1 Update-

Juniper ≫ Junos Version22.1 Updater1

Juniper ≫ Junos Version22.1 Updater1-s1

Juniper ≫ Junos Version22.1 Updater1-s2

Juniper ≫ Junos Version22.1 Updater2

Juniper ≫ Junos Version22.1 Updater2-s1

Juniper ≫ Junos Version22.1 Updater2-s2

Juniper ≫ Junos Version22.1 Updater3

Juniper ≫ Junos Version22.1 Updater3-s1

Juniper ≫ Junos Version22.1 Updater3-s2

Juniper ≫ Junos Version22.1 Updater3-s3

Juniper ≫ Junos Version22.2 Update-

Juniper ≫ Junos Version22.2 Updater1

Juniper ≫ Junos Version22.2 Updater1-s1

Juniper ≫ Junos Version22.2 Updater1-s2

Juniper ≫ Junos Version22.2 Updater2

Juniper ≫ Junos Version22.2 Updater2-s1

Juniper ≫ Junos Version22.2 Updater2-s2

Juniper ≫ Junos Version22.2 Updater3

Juniper ≫ Junos Version22.2 Updater3-s1

Juniper ≫ Junos Version22.2 Updater3-s2

Juniper ≫ Junos Version22.3 Update-

Juniper ≫ Junos Version22.3 Updater1

Juniper ≫ Junos Version22.3 Updater1-s1

Juniper ≫ Junos Version22.3 Updater1-s2

Juniper ≫ Junos Version22.3 Updater2

Juniper ≫ Junos Version22.3 Updater2-s1

Juniper ≫ Junos Version22.3 Updater2-s2

Juniper ≫ Junos Version22.3 Updater3

Juniper ≫ Junos Version22.3 Updater3-s1

Juniper ≫ Junos Version22.4 Update-

Juniper ≫ Junos Version22.4 Updater1

Juniper ≫ Junos Version22.4 Updater1-s1

Juniper ≫ Junos Version22.4 Updater1-s2

Juniper ≫ Junos Version22.4 Updater2

Juniper ≫ Junos Version22.4 Updater2-s1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	23.48%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
sirt@juniper.net	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.html

Third Party Advisory

Exploit

https://supportportal.juniper.net/JSA75729

Vendor Advisory

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-21591

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21591

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21591

EUVD