
WARNING: CRITICAL PRE-AUTH RCE IN JUNOS SRX SERIES AND EX SERIES J-WEB, PATCH IMMEDIATELY!

Reference: Advisory #2024-04
Version: 1.0
Affected software: 
Junos OS versions earlier than 20.4R3-S9;
Junos OS 21.2 versions earlier than 21.2R3-S7;
Junos OS 21.3 versions earlier than 21.3R3-S5;
Junos OS 21.4 versions earlier than 21.4R3-S5;
Junos OS 22.1 versions earlier than 22.1R3-S4;
Junos OS 22.2 versions earlier than 22.2R3-S3;
Junos OS 22.3 versions earlier than 22.3R3-S2;
Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.
Type: Remote Code Execution (RCE)
CVE/CVSS: CVE-2024-21591: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

Juniper Security Bulletin - https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US

Risks

A vulnerability in the J-Web component of Junos OS SRX Series and EX Series allows an unauthenticated remote attacker to cause a Denial of Service (DoS) or Remote Code Execution (RCE) with root privileges on the device. This poses a significant threat to the Confidentiality, Integrity, and Availability (CIA) triad of information security. This vulnerability could lead to a complete device takeover. A compromised device could be used by attackers to pivot into your organization or exfiltrate sensitive data.

Description

CVE-2024-21591 is an Out-of-bounds Write vulnerability in J-Web used in Junos OS SRX Series and EX Series. Successful exploitation of an insecure function allows an attacker to overwrite arbitrary memory. Exploitation can result in a Denial of Service (DoS) or Remote Code Execution (RCE) with root privileges on the device.

To be vulnerable, at least one of the following configurations needs to be used on the device:

  • [system services web-management http]
  • [system services web-management https]

Recommended Actions

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Update Junos OS to one of the following versions (or newer): 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1.

Alternatively, a workaround is possible by disabling J-Web or limiting access to trusted hosts.
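The two conditions the advisory describes (a Junos release older than the fixed version for its branch, combined with J-Web enabled under [system services web-management http] or [system services web-management https]) can be checked against `show version` and `show configuration ... | display set` output collected from an inventory. The script below is an added example, not part of this advisory and not Juniper tooling; the fixed-version table is taken from the "Recommended Actions" list above, and the treatment of branches the advisory does not name (21.1 reported as "unlisted", branches newer than 23.4 assumed fixed, 23.2 keyed on 23.2R1-S1) is an assumption of the example. The sample configuration is constructed.

```python
import re
from typing import Dict, Set, Tuple

# Minimum (R, S) per Junos branch that carries the fix, from the advisory's
# "Recommended Actions" list. 23.2R1-S1 is taken from the same list; the
# advisory's affected-software table does not name the 23.2 branch (assumption).
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, int]] = {
    (20, 4): (3, 9),   # 20.4R3-S9
    (21, 2): (3, 7),   # 21.2R3-S7
    (21, 3): (3, 5),   # 21.3R3-S5
    (21, 4): (3, 5),   # 21.4R3-S5
    (22, 1): (3, 4),   # 22.1R3-S4
    (22, 2): (3, 3),   # 22.2R3-S3
    (22, 3): (3, 2),   # 22.3R3-S2
    (22, 4): (2, 2),   # 22.4R2-S2; 22.4R3 and later therefore compare as fixed
    (23, 2): (1, 1),   # 23.2R1-S1 (assumption, see above)
    (23, 4): (1, 0),   # 23.4R1
}
# "versions earlier than 20.4R3-S9" also covers every older branch (19.x, 18.x, ...).
OLDEST_FIXED_BRANCH = (20, 4)

# Junos release strings look like 22.4R2-S2 or 22.4R3; trailing build tags are ignored.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")
# 'display set' form of the two configuration statements named in the advisory.
JWEB_RE = re.compile(r"^set system services web-management (https?)\b")


def parse_junos_version(version: str) -> Tuple[int, int, int, int]:
    """Split '22.4R2-S2' into (22, 4, 2, 2); a missing -S part counts as 0."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, r, s = m.groups()
    return int(major), int(minor), int(r), int(s or 0)


def version_status(version: str) -> str:
    """Classify a release as 'vulnerable', 'fixed' or 'unlisted' for CVE-2024-21591."""
    major, minor, r, s = parse_junos_version(version)
    branch = (major, minor)
    if branch in FIXED_BY_BRANCH:
        return "fixed" if (r, s) >= FIXED_BY_BRANCH[branch] else "vulnerable"
    if branch < OLDEST_FIXED_BRANCH:
        return "vulnerable"
    if branch > max(FIXED_BY_BRANCH):
        return "fixed"      # assumption: branches newer than 23.4 ship with the fix
    return "unlisted"       # e.g. 21.1: not named by the advisory, confirm with the vendor


def jweb_listeners(config_set: str) -> Set[str]:
    """Return the J-Web listeners ('http' / 'https') present in 'display set' output."""
    found: Set[str] = set()
    for line in config_set.splitlines():
        m = JWEB_RE.match(line.strip())
        if m:
            found.add(m.group(1))
    return found


def assess(version: str, config_set: str) -> Dict[str, object]:
    """Combine both conditions: exposed only if the release is vulnerable AND J-Web is on."""
    status = version_status(version)
    listeners = jweb_listeners(config_set)
    return {
        "version_status": status,
        "jweb_listeners": sorted(listeners),
        "exposed": status == "vulnerable" and bool(listeners),
        # 'unlisted' releases with J-Web enabled still deserve a manual check.
        "needs_review": status == "unlisted" and bool(listeners),
    }


# Constructed sample of 'show configuration system services | display set' output.
SAMPLE_CONFIG = """\
set system services ssh
set system services web-management http
set system services web-management https system-generated-certificate
"""

if __name__ == "__main__":
    for ver in ("22.4R2-S1", "22.4R3", "19.4R3", "21.1R1"):
        print(ver, assess(ver, SAMPLE_CONFIG))
```

Feeding the script a disabled-J-Web configuration (no `web-management` lines) reports `exposed: False` even on a vulnerable release, which mirrors the workaround above: removing J-Web takes the device out of the vulnerable condition until it can be upgraded. Restricting J-Web to trusted hosts does not change this check's result, since the listener is still configured; treat such devices as still pending the upgrade.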

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident.
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Mitre - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21591