Junos OS RCE Vulnerability - 20240226002

LSerki · Feb 26, 2024 · 1085825 · 1085825
1 parent 7ce4db9
commit 1085825
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/docs/advisories/20240226002-Junos-OS-RCE-Vulnerability.md b/docs/advisories/20240226002-Junos-OS-RCE-Vulnerability.md
@@ -0,0 +1,17 @@
+# Junos OS RCE Vulnerability - 20240226002
+
+## Overview
+
+A vulnerability has been discovered in the Junos OS, successful exploitation could allow for remote code execution.
+
+## What is vulnerable?
+
+| Product(s) Affected | Summary | Severity     | CVSS |
+| ------------------- | ------- | ------------ | ---- |
+| **All versions of Junos OS on SRX Series and EX Series** |  [CVE-2024-21591](https://nvd.nist.gov/vuln/detail/CVE-2024-21591)       | **Critical** | 9.8  |
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution (CVE-2024-21591)](https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US)