Juniper Networks has launched out-of-band updates to handle higher-severity flaws in SRX Sequence and EX Sequence that could be exploited by a menace actor to consider control of inclined methods.
The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and effect all versions of Junos OS. Two other shortcomings, CVE-2023-36846 and CVE-2023-36851, had been previously disclosed by the company in August 2023.
- CVE-2024-21619 (CVSS rating: 5.3) – A missing authentication vulnerability that could guide to exposure of delicate configuration facts
- CVE-2024-21620 (CVSS rating: 8.8) – A cross-website scripting (XSS) vulnerability that could lead to the execution of arbitrary commands with the target’s permissions by usually means of a specifically crafted ask for
Cybersecurity company watchTowr Labs has been credited with getting and reporting the issues. The two vulnerabilities have been addressed in the adhering to versions –
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
- CVE-2024-21619 – 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases
- CVE-2024-21620 – 20.4R3-S10, 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, and all subsequent releases
As non permanent mitigations right until the fixes are deployed, the firm is recommending that end users disable J-Web or limit entry to only trusted hosts.
It really is worth noting that each CVE-2023-36846 and CVE-2023-36851 had been added to the Known Exploited Vulnerabilities (KEV) catalog in November 2023 by the U.S. Cybersecurity and Infrastructure Security Company (CISA), primarily based on evidence of active exploitation.
Previously this month, Juniper Networks also transported fixes to comprise a critical vulnerability in the exact solutions (CVE-2024-21591, CVSS score: 9.8) that could permit an attacker to result in a denial-of-provider (DoS) or remote code execution and attain root privileges on the system.
Observed this short article exciting? Adhere to us on Twitter and LinkedIn to study much more exclusive written content we submit.
Some pieces of this write-up are sourced from:
thehackernews.com