Numerous security issues impacting Juniper Networks' Junos OS and its J-Web configuration interface leveraged by its EX switches and SRX firewalls have been resolved as part of recently issued updates, reports SecurityWeek.
Attackers could leverage the most severe vulnerability a cross-site scripting bug, tracked as CVE-2024-21620 to facilitate malicious URL creation that could later enable arbitrary command execution with escalated privileges, while exploitation of the CVE-2024-21619 could allow sensitive data exposure across targeted networks, according to Juniper Networks.
On the other hand, exploitation of missing authentication flaws, tracked as CVE-2023-36846 and CVE-2023-36851, could allow arbitrary file uploading and downloading for unauthenticated actors and compromise file system integrity. While no active abuse of the vulnerabilities has been reported, organizations have been recommended to deactivate J-Web or limit its access.
Organizations have also been urged by the Cybersecurity and Infrastructure Security Agency to immediately apply the released patches and review the advisory provided by Juniper.