Critical RCE Vulnerability Found in Juniper SRX Firewalls and EX Switches

Posted by admin on 2024-01-15 13:15:24

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.

The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system.

"An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the device," the company said in an advisory.

The networking equipment major, which is set to be acquired by Hewlett Packard Enterprise (HPE) for $14 billion, said the issue is caused by use of an insecure function allowing a bad actor to overwrite arbitrary memory.

The flaw impacts the following versions, and has been fixed in versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and later:

  • Junos OS versions earlier than 20.4R3-S9

  • Junos OS 21.2 versions earlier than 21.2R3-S7

  • Junos OS 21.3 versions earlier than 21.3R3-S5

  • Junos OS 21.4 versions earlier than 21.4R3-S5

  • Junos OS 22.1 versions earlier than 22.1R3-S4

  • Junos OS 22.2 versions earlier than 22.2R3-S3

  • Junos OS 22.3 versions earlier than 22.3R3-S2, and

  • Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3
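As an added example (not from the article or from Juniper), the affected and fixed releases listed above encoded as a small Python checker, so a Junos version string taken from `show version` can be classified as affected, fixed, or not covered by the list. The version-string pattern, the handling of branches the advisory does not name, and the sample versions are assumptions.

```python
import re
from typing import Optional, Tuple

# Fixed releases for CVE-2024-21591 as listed in the advisory, keyed by
# release branch (major.minor) -> (R, S) pairs at or beyond which the fix is present.
FIXED_RELEASES = {
    "20.4": [(3, 9)],
    "21.2": [(3, 7)],
    "21.3": [(3, 5)],
    "21.4": [(3, 5)],
    "22.1": [(3, 4)],
    "22.2": [(3, 3)],
    "22.3": [(3, 2)],
    "22.4": [(2, 2), (3, 0)],
    "23.2": [(1, 1), (2, 0)],
    "23.4": [(1, 0)],
}

# Assumed Junos version shape: <major>.<minor>R<release>[-S<service>][.<build>]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos_version(version: str) -> Tuple[int, int, int, int]:
    """Split e.g. '22.4R2-S2.1' into (major, minor, R, S); S is 0 when absent."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, rel, svc = m.groups()
    return int(major), int(minor), int(rel), int(svc or 0)


def is_affected(version: str) -> Optional[bool]:
    """True if the release is listed as affected, False if it carries the fix,
    None if its branch is not covered by the advisory's list (assumption: treat as unknown)."""
    major, minor, rel, svc = parse_junos_version(version)
    branch = f"{major}.{minor}"
    if branch in FIXED_RELEASES:
        # Fixed when at or beyond any fixed (R, S) pair on the same branch.
        return not any((rel, svc) >= fixed for fixed in FIXED_RELEASES[branch])
    if (major, minor) < (20, 4):
        return True   # "Junos OS versions earlier than 20.4R3-S9"
    if (major, minor) > (23, 4):
        return False  # "23.4R1, and later"
    return None       # e.g. 21.1 or 23.1: branch not named in the list


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real device.
    for v in ["20.4R3-S8", "20.4R3-S9", "22.4R2-S1", "22.4R3.5", "23.2R1", "19.4R3"]:
        print(v, is_affected(v))
```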

As temporary workarounds until the fixes are deployed, the company recommends that users disable J-Web or restrict access to only trusted hosts.

Also resolved by Juniper Networks is a high-severity bug in Junos OS and Junos OS Evolved (CVE-2024-21611, CVSS score: 7.5) that could be weaponized by an unauthenticated, network-based attacker to cause a DoS condition.

While there is no evidence that the vulnerabilities are being exploited in the wild, multiple security shortcomings affecting the company's SRX firewalls and EX switches were abused by threat actors last year.

Originally published on the WeChat public account 知机安全: Critical RCE Vulnerability Found in Juniper SRX Firewalls and EX Switches

Reprints should retain this link (CN-SEC 中文网, with thanks to the original author): http://cn-sec.com/archives/2394767.html
