
Juniper has patched several vulnerabilities in Junos that pose a range of threats, from denial of service to remote code execution.
CVE-2024-21611: A memory leak and eventually an rpd crash
This flaw, identified as CVE-2024-21611, with a CVSS score of 7.5, arises when Juniper Flow Monitoring (jflow) is configured. It manifests as a gradual memory leak in the routing protocol daemon (rpd) during next-hop updates, culminating in a system crash and reboot. There have been no confirmed exploits of this vulnerability. Juniper Networks advises upgrading to revised versions of Junos OS and Junos OS Evolved, specifically 22.3R1, 22.2R3, 22.1R3, 21.4R3, or later.
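Because the fix is "upgrade to one of the listed releases or later" and the leak only triggers when jflow is configured, a fleet triage needs both a Junos version comparison and the jflow state. The following is an added example, not Juniper's code or the article's; the Junos version format (MM.mRr-Sn), the per-branch interpretation of the fixed releases, and the sample inventory are assumptions or constructed data.

```python
import re

# Fixed releases for CVE-2024-21611 as listed above ("22.3R1, 22.2R3, 22.1R3,
# 21.4R3, or later"), keyed by release branch (major, minor) -> first fixed R.
FIXED_RELEASES = {(21, 4): 3, (22, 1): 3, (22, 2): 3, (22, 3): 1}

# Assumed Junos release string format: MM.mRr or MM.mRr-Sn (e.g. 21.4R3-S2).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

def parse_junos_version(version):
    """Return (major, minor, release, service) or None if not a release string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, release, service = m.groups()
    return int(major), int(minor), int(release), int(service or 0)

def is_fixed_cve_2024_21611(version):
    """True when version is at/after the fixed release on its branch; None if unparsable.
    Assumption (not in the article): branches newer than 22.3 ship with the fix,
    branches older than 21.4 do not."""
    parsed = parse_junos_version(version)
    if parsed is None:
        return None
    major, minor, release, _service = parsed
    branch = (major, minor)
    if branch in FIXED_RELEASES:
        return release >= FIXED_RELEASES[branch]
    return branch > max(FIXED_RELEASES)

def exposure(version, jflow_configured):
    """Triage verdict: the leak only occurs when jflow is configured, so an
    unpatched device without jflow is 'unpatched' but not currently 'exposed'."""
    fixed = is_fixed_cve_2024_21611(version)
    if fixed is None:
        return "unknown-version"
    if fixed:
        return "fixed"
    return "exposed" if jflow_configured else "unpatched-not-exposed"

if __name__ == "__main__":
    # Constructed sample inventory: (hostname, version, jflow configured).
    for host, ver, jflow in [("edge-1", "21.4R2-S1", True),
                             ("edge-2", "22.2R3-S1", True),
                             ("core-1", "22.1R1", False),
                             ("lab-1", "23.2R1", True)]:
        print(f"{host:8} {ver:12} {exposure(ver, jflow)}")
```

Feed it the output of your inventory or `show version` collection; "unpatched-not-exposed" hosts still belong on the upgrade list, they are just not the first priority.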
CVE-2024-21591: J-web allows a preAuth Remote Code Execution
This flaw, identified as CVE-2024-21591 and carrying a CVSS score of 9.8, affects the SRX and EX Series. This out-of-bounds write vulnerability in J-Web allows unauthenticated attackers to execute remote code, gain root privileges, or cause a denial of service. Multiple versions are affected, and Juniper has released updates to address this serious flaw.
Juniper has not detected any malicious exploitation of these vulnerabilities, which were uncovered through internal and external security research. The company has swiftly released patches across multiple versions of the OS, urging users to update their systems.