Junos Jweb RCE OOB write

Le Lab Gatewatcher D


Affected versions

Juniper SRX and EX Series Equipment:

  • Junos OS versions earlier than 20.4R3-S9
  • Junos OS 21.2 versions earlier than 21.2R3-S7
  • Junos OS 21.3 versions earlier than 21.3R3-S5
  • Junos OS 21.4 versions earlier than 21.4R3-S5
  • Junos OS 22.1 versions earlier than 22.1R3-S4
  • Junos OS 22.2 versions earlier than 22.2R3-S3
  • Junos OS 22.3 versions earlier than 22.3R3-S2
  • Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3



On January 10, 2024, Juniper released a security bulletin concerning a vulnerability in the web interface of their SRX (firewall) and EX (switch) series devices. This vulnerability, identified as CVE-2024-21591, has a CVSS score of 9.8. 

Indeed, this vulnerability is categorized as an Out-of-Bound Write, meaning it allows writing to a normally unreachable area of memory. 

Exploiting this vulnerability can lead an unauthenticated user to varied scenarios, ranging from unavailability caused by a denial of service (DoS) to more severe situations, such as remote code execution (RCE). 




To date, there is limited information about this vulnerability as no proof of concept or report is available. Our teams, however, remain attentive to any new information that may be published. 




The provider has already released the necessary patches with the following versions: 

Junos OS: 

  • 20.4R3-S9  
  • 21.2R3-S7  
  • 21.3R3-S5  
  • 21.4R3-S5  
  • 22.1R3-S4  
  • 22.2R3-S3  
  • 22.3R3-S2  
  • 22.4R2-S2  
  • 22.4R3  
  • 23.2R1-S1  
  • 23.2R2  
  • 23.4R1 

Although there doesn’t appear to be any clear sign of observed exploitation, the criticality of these devices necessitates promptly updating vulnerable equipment. 

The manufacturer’s recommendation in cases where rapid updating is not possible is simply to disable the J-Web interface or, alternatively, limit access to the J-Web interface to a limited number of trusted hosts. 




Author: Purple Team Gatewatcher