CVE-2024-21591

Exploit

EPSS 23.48%
Published 12.01.2024 01:15:46
Last modified 05.05.2025 14:11:31
Source sirt@juniper.net
Teams watchlist Login
Open Login

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.

This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.

This issue affects Juniper Networks Junos OS SRX Series and EX Series:



  *  Junos OS versions earlier than 20.4R3-S9;
  *  Junos OS 21.2 versions earlier than 21.2R3-S7;
  *  Junos OS 21.3 versions earlier than 21.3R3-S5;
  *  Junos OS 21.4 versions earlier than 21.4R3-S5;
  *  Junos OS 22.1 versions earlier than 22.1R3-S4;
  *  Junos OS 22.2 versions earlier than 22.2R3-S3;
  *  Junos OS 22.3 versions earlier than 22.3R3-S2;
  *  Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Version < 20.4

Juniper ≫ Junos Version20.4 Update-

Juniper ≫ Junos Version20.4 Updater1

Juniper ≫ Junos Version20.4 Updater1-s1

Juniper ≫ Junos Version20.4 Updater2

Juniper ≫ Junos Version20.4 Updater2-s1

Juniper ≫ Junos Version20.4 Updater2-s2

Juniper ≫ Junos Version20.4 Updater3

Juniper ≫ Junos Version20.4 Updater3-s1

Juniper ≫ Junos Version20.4 Updater3-s2

Juniper ≫ Junos Version20.4 Updater3-s3

Juniper ≫ Junos Version20.4 Updater3-s4

Juniper ≫ Junos Version20.4 Updater3-s5

Juniper ≫ Junos Version20.4 Updater3-s6

Juniper ≫ Junos Version20.4 Updater3-s7

Juniper ≫ Junos Version20.4 Updater3-s8

Juniper ≫ Junos Version21.2 Update-

Juniper ≫ Junos Version21.2 Updater1

Juniper ≫ Junos Version21.2 Updater1-s1

Juniper ≫ Junos Version21.2 Updater1-s2

Juniper ≫ Junos Version21.2 Updater2

Juniper ≫ Junos Version21.2 Updater2-s1

Juniper ≫ Junos Version21.2 Updater2-s2

Juniper ≫ Junos Version21.2 Updater3

Juniper ≫ Junos Version21.2 Updater3-s1

Juniper ≫ Junos Version21.2 Updater3-s2

Juniper ≫ Junos Version21.2 Updater3-s3

Juniper ≫ Junos Version21.2 Updater3-s4

Juniper ≫ Junos Version21.2 Updater3-s5

Juniper ≫ Junos Version21.2 Updater3-s6

Juniper ≫ Junos Version21.3 Update-

Juniper ≫ Junos Version21.3 Updater1

Juniper ≫ Junos Version21.3 Updater1-s1

Juniper ≫ Junos Version21.3 Updater1-s2

Juniper ≫ Junos Version21.3 Updater2

Juniper ≫ Junos Version21.3 Updater2-s1

Juniper ≫ Junos Version21.3 Updater2-s2

Juniper ≫ Junos Version21.3 Updater3

Juniper ≫ Junos Version21.3 Updater3-s1

Juniper ≫ Junos Version21.3 Updater3-s2

Juniper ≫ Junos Version21.3 Updater3-s3

Juniper ≫ Junos Version21.3 Updater3-s4

Juniper ≫ Junos Version21.4 Update-

Juniper ≫ Junos Version21.4 Updater1

Juniper ≫ Junos Version21.4 Updater1-s1

Juniper ≫ Junos Version21.4 Updater1-s2

Juniper ≫ Junos Version21.4 Updater2

Juniper ≫ Junos Version21.4 Updater2-s1

Juniper ≫ Junos Version21.4 Updater2-s2

Juniper ≫ Junos Version21.4 Updater3

Juniper ≫ Junos Version21.4 Updater3-s1

Juniper ≫ Junos Version21.4 Updater3-s2

Juniper ≫ Junos Version21.4 Updater3-s3

Juniper ≫ Junos Version21.4 Updater3-s4

Juniper ≫ Junos Version22.1 Update-

Juniper ≫ Junos Version22.1 Updater1

Juniper ≫ Junos Version22.1 Updater1-s1

Juniper ≫ Junos Version22.1 Updater1-s2

Juniper ≫ Junos Version22.1 Updater2

Juniper ≫ Junos Version22.1 Updater2-s1

Juniper ≫ Junos Version22.1 Updater2-s2

Juniper ≫ Junos Version22.1 Updater3

Juniper ≫ Junos Version22.1 Updater3-s1

Juniper ≫ Junos Version22.1 Updater3-s2

Juniper ≫ Junos Version22.1 Updater3-s3

Juniper ≫ Junos Version22.2 Update-

Juniper ≫ Junos Version22.2 Updater1

Juniper ≫ Junos Version22.2 Updater1-s1

Juniper ≫ Junos Version22.2 Updater1-s2

Juniper ≫ Junos Version22.2 Updater2

Juniper ≫ Junos Version22.2 Updater2-s1

Juniper ≫ Junos Version22.2 Updater2-s2

Juniper ≫ Junos Version22.2 Updater3

Juniper ≫ Junos Version22.2 Updater3-s1

Juniper ≫ Junos Version22.2 Updater3-s2

Juniper ≫ Junos Version22.3 Update-

Juniper ≫ Junos Version22.3 Updater1

Juniper ≫ Junos Version22.3 Updater1-s1

Juniper ≫ Junos Version22.3 Updater1-s2

Juniper ≫ Junos Version22.3 Updater2

Juniper ≫ Junos Version22.3 Updater2-s1

Juniper ≫ Junos Version22.3 Updater2-s2

Juniper ≫ Junos Version22.3 Updater3

Juniper ≫ Junos Version22.3 Updater3-s1

Juniper ≫ Junos Version22.4 Update-

Juniper ≫ Junos Version22.4 Updater1

Juniper ≫ Junos Version22.4 Updater1-s1

Juniper ≫ Junos Version22.4 Updater1-s2

Juniper ≫ Junos Version22.4 Updater2

Juniper ≫ Junos Version22.4 Updater2-s1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	23.48%	0.956

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
sirt@juniper.net	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.html

Third Party Advisory

Exploit

https://supportportal.juniper.net/JSA75729

Vendor Advisory

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-21591

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21591

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21591

EUVD