CVE-2024-21586: Juniper SRX Vulnerability Leaves Networks Open to Attack

CVE-2024-21586

Juniper Networks, a leading provider of networking solutions, has issued a critical security advisory warning users of a high-severity vulnerability affecting their SRX Series firewalls. This vulnerability, tracked as CVE-2024-21586 (CVSSv4 8.7), allows unauthenticated attackers to remotely crash the Packet Forwarding Engine (PFE) and cause a denial-of-service (DoS) condition.

The vulnerability stems from an improper check for unusual or exceptional conditions in the PFE, a crucial component responsible for processing network traffic. By sending specific, valid traffic to the affected device, an attacker can trigger a crash and force the PFE to restart. Continuous exploitation can result in a sustained DoS condition, rendering the firewall and potentially the entire network inaccessible.

The CVE-2024-21586 vulnerability impacts Junos OS versions running on SRX Series firewalls, including:

  • 21.4 versions before 21.4R3-S7.9
  • 22.1 versions before 22.1R3-S5.3
  • 22.2 versions before 22.2R3-S4.11
  • 22.3 versions before 22.3R3
  • 22.4 versions before 22.4R3

Juniper Networks strongly urges all affected users to upgrade to the latest patched versions of Junos OS immediately. The following software releases have been updated to address the vulnerability:

  • 21.4R3-S7.9
  • 22.1R3-S5.3
  • 22.2R3-S4.11
  • 22.3R3
  • 22.4R3
  • 23.2R1

These patched versions are respins of previously released versions, so it is crucial to pay close attention to the last digits of the version number when upgrading.
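As an added example (not code from Juniper or the advisory), the Python check below parses Junos version strings into numeric fields and compares them against the fixed releases listed above, so that respin digits such as the ".9" in 21.4R3-S7.9 are honoured and "S4.2" sorts below "S4.11" as the note requires; the "Junos: <version>" line format assumed for `show version` output is an assumption.

```python
import re
from typing import NamedTuple, Optional

# First fixed release per affected train, as listed in the CVE-2024-21586 advisory.
FIXED = {
    "21.4": "21.4R3-S7.9",
    "22.1": "22.1R3-S5.3",
    "22.2": "22.2R3-S4.11",
    "22.3": "22.3R3",
    "22.4": "22.4R3",
}

# Junos version grammar: <major>.<minor>R<release>[-S<service>][.<respin>]
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<release>\d+)"
    r"(?:-S(?P<service>\d+))?(?:\.(?P<respin>\d+))?$"
)


class JunosVersion(NamedTuple):
    train: str      # e.g. "21.4"
    release: int    # the R number
    service: int    # the -S number, 0 when absent
    respin: int     # trailing respin digits, 0 when absent

    @property
    def key(self):
        # Compare numerically within a train; a respin sorts above its base build.
        return (self.release, self.service, self.respin)


def parse_junos_version(text: str) -> JunosVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    return JunosVersion(
        train=f"{m['major']}.{m['minor']}",
        release=int(m["release"]),
        service=int(m["service"] or 0),
        respin=int(m["respin"] or 0),
    )


def is_affected(version: str) -> Optional[bool]:
    """True if the version precedes the fix on its train, False if fixed,
    None when the train is not one of those listed in the advisory."""
    v = parse_junos_version(version)
    fixed = FIXED.get(v.train)
    if fixed is None:
        return None
    return v.key < parse_junos_version(fixed).key


def is_affected_from_show_version(output: str) -> Optional[bool]:
    # Assumed format: a line "Junos: 21.4R3-S7.8" in the CLI's show version output.
    m = re.search(r"^Junos:\s*(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no 'Junos:' line found in show version output")
    return is_affected(m.group(1))
```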

While Juniper SIRT has not yet observed any active exploitation of this vulnerability in the wild, the PFE crash itself has been reported multiple times in production environments. This underscores the urgency of applying the patches promptly.