Published: Jan 15, 2024 15:21
Advisory No: TZCERT/SA/2024/01/15
Source: Juniper
Software Affected: All versions of Junos OS on SRX Series and EX Series.
Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. Successful exploitation of the vulnerability could result in an attacker taking control of the affected system.
The issue is an Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series that allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the device.
Successful exploitation of this vulnerability may allow a remote attacker to cause Denial of Service (DoS) or take control of the affected system.
Juniper has released software updates to resolve this specific issue on: Junos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases. Users and administrators are encouraged to apply necessary updates.
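A fleet check against the fixed releases listed above, as an added example that is not part of the advisory or of any Juniper tooling. It assumes release strings of the form `YY.NRn-Sn`, treats release trains older than 23.4 that have no fixed build in the list as needing an update, and runs on a constructed inventory with hypothetical host names.

```python
import re

# Fixed releases exactly as listed in the advisory text above.
FIXED = ["20.4R3-S9", "21.2R3-S7", "21.3R3-S5", "21.4R3-S5", "22.1R3-S4",
         "22.2R3-S3", "22.3R3-S2", "22.4R2-S2", "22.4R3", "23.2R1-S1",
         "23.2R2", "23.4R1"]
_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

def parse(version):
    """'22.4R2-S2.5' -> ((22, 4), 2, 2); a trailing spin/build suffix is ignored."""
    m = _RELEASE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {version!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor)), int(rel), int(svc or 0)

_PARSED = [parse(f) for f in FIXED]
_NEWEST_TRAIN = max(p[0] for p in _PARSED)

def is_fixed(version):
    """True if `version` is a listed fixed release or a subsequent one."""
    train, rel, svc = parse(version)
    fixes = sorted((r, s) for t, r, s in _PARSED if t == train)
    if not fixes:
        # Assumption: trains newer than every listed one are "subsequent
        # releases"; other unlisted trains have no fixed build in the list.
        return train > _NEWEST_TRAIN
    for fixed_rel, fixed_svc in fixes:
        if rel == fixed_rel:
            return svc >= fixed_svc      # same R release: compare -S level
    return rel > fixes[-1][0]            # beyond the highest listed R release

def needs_update(inventory):
    """Return sorted host names whose release is not fixed or not parseable."""
    flagged = []
    for host, version in inventory.items():
        try:
            if not is_fixed(version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)         # unknown format: review by hand
    return sorted(flagged)

# Constructed inventory (hypothetical host names and release strings).
INVENTORY = {"srx-edge-1": "21.4R3-S4.9", "srx-edge-2": "22.4R2-S2",
             "ex-access-1": "22.4R2-S1", "ex-access-2": "23.4R1.10",
             "ex-core-1": "20.4R3-S9", "srx-lab-1": "19.4R3-S12"}

if __name__ == "__main__":
    print(needs_update(INVENTORY))
```

The 22.4 and 23.2 trains each list two fixed builds, so a device on `22.4R2-S1` is flagged while `22.4R2-S2` and `22.4R3` are not.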