Juniper: Emergency update for Junos OS on SRX series

Juniper Networks closes a DoS vulnerability in the Juniper OS of SRX devices that is classified as high-risk with an out-of-sequence update.

[Image: stylized stack of burning appliances. Caption: Vulnerabilities threaten appliances. (Image created with AI in Bing Designer by heise online / dmk)]

This article was originally published in German and has been automatically translated.

After emergency updates from Juniper Networks for Session Smart Routers were already necessary on Friday, the company is now following up with an out-of-sequence update for Junos OS on devices in the SRX series. It closes a denial-of-service vulnerability.

Insufficient checking for unusual or exceptional conditions in the packet forwarding engine (PFE) of Junos OS on SRX series devices enables unauthenticated attackers on the network to provoke a denial of service. If an SRX device receives certain valid traffic directed at the device itself, the PFE crashes and reboots. Attackers can cause a persistent DoS condition by repeatedly sending such traffic (CVE-2024-21586, CVSS 7.5, risk "high"). Under the CVSS 4.0 criteria the vulnerability even reaches a score of 8.7, just short of "critical".

In the Juniper Networks security announcement, the authors name the affected versions. Junos OS on SRX devices in the 21.4, 22.1, 22.2, 22.3 and 22.4 series is vulnerable. Some of the fixes are only minor point releases, Juniper explains, so the trailing digit of each fixed version should be read as the minimum version that contains the fix. Versions 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, 22.3R3 and 22.4R3 close the gap. Versions prior to 21.4R1 are not vulnerable.
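As an added example (not code from the article or from Juniper), a small Python check that applies the version table above to an SRX inventory, honouring the "trailing digit is the minimum" rule by comparing versions component by component. It assumes the usual Junos MAJOR.MINOR R<n>[-S<n>][.<build>] version form and uses a constructed sample inventory.

```python
import re
from typing import List, Optional, Tuple

# Fixed releases named in the article, keyed by release series (major, minor).
FIXED_VERSIONS = {
    (21, 4): "21.4R3-S7.9",
    (22, 1): "22.1R3-S5.3",
    (22, 2): "22.2R3-S4.11",
    (22, 3): "22.3R3",
    (22, 4): "22.4R3",
}
FIRST_AFFECTED = "21.4R1"  # article: versions prior to 21.4R1 are not vulnerable

# Assumption: MAJOR.MINOR R<release>[-S<service>][.<build>]; anything else is rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


def parse_junos_version(version: str) -> Tuple[int, int, int, int, int]:
    """Parse e.g. '21.4R3-S7.9' into (major, minor, release, service, build).

    Missing service/build parts count as 0, so '22.3R3' sorts before both
    '22.3R3-S1' and '22.3R3.5', and '21.4R3-S7.10' sorts after '21.4R3-S7.9'.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, rel, svc, build = (int(g) if g is not None else 0 for g in m.groups())
    return (major, minor, rel, svc, build)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if below the fixed release for its series, False if fixed or older
    than 21.4R1, None if the series is not one the article lists (check the
    advisory directly for those)."""
    v = parse_junos_version(version)
    if v < parse_junos_version(FIRST_AFFECTED):
        return False
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return None
    return v < parse_junos_version(fixed)


def devices_needing_update(inventory: List[Tuple[str, str]]) -> List[str]:
    """Hostnames whose Junos version is confirmed vulnerable per the table."""
    return [host for host, ver in inventory if is_vulnerable(ver)]


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("srx-edge-01", "21.4R3-S7.5"),   # below 21.4R3-S7.9 -> vulnerable
    ("srx-edge-02", "21.4R3-S7.10"),  # later service build than S7.9 -> fixed
    ("srx-dc-01", "22.2R3-S4.11"),    # exactly the fixed release -> fixed
    ("srx-dc-02", "22.3R2-S2"),       # below 22.3R3 -> vulnerable
    ("srx-lab-01", "20.4R3-S9"),      # older than 21.4R1 -> not affected
    ("srx-lab-02", "23.2R1"),         # series not in the article -> None
]
```

Running `devices_needing_update(SAMPLE_INVENTORY)` flags srx-edge-01 and srx-dc-02; srx-lab-02 is reported as unknown rather than silently treated as safe.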

Although Juniper is not yet aware of any exploits in the wild, the advisory's authors explain that the vulnerability has often occurred in production environments. IT managers will receive the updates via their usual channels. They should install them promptly to minimize the attack surface for cyber criminals.

Last week's emergency update patched a security vulnerability classified as critical. It affected the Session Smart Router, Session Smart Conductor and WAN Assurance Router from Juniper Networks. If these routers or conductors were running in redundant high-availability configurations, authentication could be bypassed.

(dmk)