Thousands of Juniper devices have been found vulnerable to a critical flaw that allows threat actors to execute malicious code remotely, without any need for authentication.
The Register reported a vulnerability tracked as CVE-2024-21591. Described as an out-of-bounds write flaw, the vulnerability carries a CVSS severity score of 9.8/10 and allows attackers to obtain root privileges, cause a denial of service, or run code remotely.
It was discovered in the J-Web configuration interface of Junos OS.
Patches and workarounds
The publication also says, citing data from Censys, that more than 11,500 devices are vulnerable, including all running:
Junos OS versions earlier than 20.4R3-S9
Junos OS 21.2 versions earlier than 21.2R3-S7
Junos OS 21.3 versions earlier than 21.3R3-S5
Junos OS 22.1 versions earlier than 22.1R3-S4
Junos OS 22.2 versions earlier than 22.2R3-S3
Junos OS 22.3 versions earlier than 22.3R3-S2
Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3
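A quick way to turn the list above into an inventory check is to parse the release string from a device's "show version" output and compare it against the fixed-in release for its train. The script below is an added example, not code from the article, The Register, Censys or Juniper; it encodes only the trains the article lists, so a release on any other train (21.4, 23.x and so on) is reported as "not in list" rather than guessed at, and the sample "show version" text is constructed for the example. Junos OS Evolved strings (with an -EVO suffix) are deliberately rejected by the parser.

```python
import re
from typing import Optional, Tuple

# Fixed-in releases exactly as listed in the article; no other trains are assumed.
# Anything older than BASELINE_FIX, on any train, counts as affected.
BASELINE_FIX = "20.4R3-S9"
FIXED_BY_TRAIN = {
    "21.2": "21.2R3-S7",
    "21.3": "21.3R3-S5",
    "22.1": "22.1R3-S4",
    "22.2": "22.2R3-S3",
    "22.3": "22.3R3-S2",
    "22.4": "22.4R2-S2",   # 22.4R3 and later also compare as fixed
}

# Junos release strings look like 22.4R2-S1.3:
#   <major>.<minor>R<release>[-S<service>][.<build>]
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


def parse_junos(version: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, release, service) so tuples compare in release order.

    The trailing build number is ignored: fixes are scoped to a service release.
    """
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, release, service, _build = m.groups()
    return (int(major), int(minor), int(release), int(service or 0))


def train(version: str) -> str:
    """The release train, e.g. '22.4' for 22.4R2-S1.3."""
    major, minor, _, _ = parse_junos(version)
    return f"{major}.{minor}"


def is_affected(version: str) -> Optional[bool]:
    """True if the release is in the affected list, False if it is at or past
    the fix for its train, None if the article's list says nothing about the train."""
    v = parse_junos(version)
    if v < parse_junos(BASELINE_FIX):
        return True                      # "versions earlier than 20.4R3-S9"
    tr = train(version)
    if tr == train(BASELINE_FIX):
        return False                     # 20.4R3-S9 or later on the 20.4 train
    fixed = FIXED_BY_TRAIN.get(tr)
    if fixed is None:
        return None                      # e.g. 21.4 or 23.x: not covered by the list
    return v < parse_junos(fixed)


def version_from_show_version(output: str) -> str:
    """Pull the release out of 'show version' text (the 'Junos:' line)."""
    m = re.search(r"^Junos:\s*(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no 'Junos:' line found in show version output")
    return m.group(1)


# Constructed sample output for the example, not captured from a real device.
SAMPLE_SHOW_VERSION = """\
Hostname: srx-edge-01
Model: srx300
Junos: 22.4R2-S1.3
JUNOS Software Release [22.4R2-S1.3]
"""

if __name__ == "__main__":
    ver = version_from_show_version(SAMPLE_SHOW_VERSION)
    verdict = {True: "AFFECTED", False: "fixed", None: "not in list"}[is_affected(ver)]
    print(f"{ver} -> {verdict}")
```

The comparison deliberately drops the build number (the ".3" in 22.4R2-S1.3) because the fixes are announced per service release, so 22.4R2-S1 of any build is affected and 22.4R2-S2 of any build is not. A None result should be treated as "check the vendor advisory", not as safe.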
The most exposed endpoint appears to be the SRX110H2-VA, a firewall that reached end of life back in 2018. The majority of potential victims are located in South Korea, with others found in the US, Hong Kong, and China.
There is no evidence of the vulnerability being exploited in the wild, Juniper said, but now that the cat is out of the bag, it is only a matter of time before hackers start scanning for vulnerable devices. Admins who cannot apply the patch for any reason should disable J-Web, or limit access to it to trusted sources only, Juniper added.
Applying the patch is the best way to stay protected, but admins appear to be slow to do so. In late August last year, Juniper patched a similarly dangerous vulnerability (also rated 9.8), yet it turns out most endpoints are still unpatched.