"Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches"
Juniper Networks has recently published more than two dozen security advisories to inform customers about well over 100 vulnerabilities affecting its products, with a majority of the flaws impacting third-party components. The company has released patches and mitigations for the vulnerabilities, most of which affect its Junos operating system. The most serious of the flaws is CVE-2024-21591, which affects Junos OS on SRX series firewalls and EX series switches. The company noted that an unauthenticated network-based attacker can exploit the vulnerability to cause a denial-of-service (DoS) condition or execute arbitrary code and obtain root privileges on the targeted appliance. Critical vulnerabilities have also been patched in many third-party components present in Juniper Security Director Insights, Session Smart Router, and CTPView products. A high severity rating has been assigned to 10 vulnerabilities, a majority of which can allow a network-based attacker to cause a DoS condition without requiring authentication. The list of high-severity flaws also includes privilege escalation and sensitive information disclosure issues. Over a dozen security holes are medium severity. A vast majority can be used for DoS attacks, and one could allow an attacker to bypass firewall filters. Juniper is not aware of attacks exploiting these vulnerabilities.