Juniper Networks Addresses Critical Vulnerabilities in SRX Firewalls and EX Switches (CVE-2024-21591)

May 31, 2024 · 5 min read · Maverc Threat Research · Threat Advisory

A critical remote code execution (RCE) flaw in Juniper SRX and EX devices (CVSS 9.8) lets unauthenticated attackers execute code remotely via J-Web. Patch now.

Juniper Networks has addressed critical vulnerabilities in its SRX Series firewalls and EX Series switches. The most noteworthy is CVE-2024-21591, an out-of-bounds write remote code execution flaw with a CVSS score of 9.8. This vulnerability allows unauthenticated attackers with network access to the J-Web management interface to execute arbitrary code or trigger a denial-of-service condition.

Affected Versions

Affected releases are Junos OS versions prior to the specific fixed builds across the 20.4R3, 21.2R3, 21.3R3, 21.4R3, 22.1R3, 22.2R3, 22.3R3, and 22.4R2 families. Consult the Juniper advisory for exact fix versions.

Immediate Actions

  • Patch to a fixed Junos OS release.
  • Restrict J-Web access to trusted management networks only — never expose it to the internet.
  • Disable J-Web entirely if it is not in use.
  • Audit logs for unexpected J-Web activity from unknown sources.
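
One way to verify the "restrict" and "disable" actions above is to audit the device's `show configuration | display set` output. This is an added example, not code from Juniper or from the original advisory. The sample configuration, the management interface `fxp0.0`, the trusted zone name and the function name `audit_jweb` are constructed assumptions.

```python
import re

# Constructed sample: "show configuration | display set" output from a lab SRX.
SAMPLE_CONFIG = """\
set system host-name lab-srx
set system services ssh
set system services web-management http interface fxp0.0
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
set system services web-management https interface ge-0/0/0.0
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone trust host-inbound-traffic system-services all
"""

WEB = re.compile(r"^set system services web-management (https?)(?: interface (\S+))?")
ZONE = re.compile(r"^set security zones security-zone (\S+) (?:interfaces \S+ )?"
                  r"host-inbound-traffic system-services (\S+)")

def audit_jweb(config, mgmt_interfaces, trusted_zones):
    """Return (jweb_configured, findings) for a 'display set' configuration."""
    lines = [ln.strip() for ln in config.splitlines()]
    # A deactivated stanza stays in the config but is not in effect.
    if "deactivate system services web-management" in lines:
        return False, []
    listeners = {}   # protocol -> interfaces J-Web is pinned to
    zone_hits = []
    for line in lines:
        m = WEB.match(line)
        if m:
            listeners.setdefault(m.group(1), set())
            if m.group(2):
                listeners[m.group(1)].add(m.group(2))
        z = ZONE.match(line)
        if z and z.group(1) not in trusted_zones and z.group(2) in ("http", "https", "all"):
            zone_hits.append(z.group(1) + " zone permits host-inbound " + z.group(2))
    findings = []
    for proto, ifaces in sorted(listeners.items()):
        if not ifaces:
            findings.append(proto + ": no interface statement, not pinned to management")
        for iface in sorted(ifaces - set(mgmt_interfaces)):
            findings.append(proto + ": reachable on non-management interface " + iface)
    # Zone rules only matter while J-Web itself is configured.
    return bool(listeners), findings + (zone_hits if listeners else [])
```

An empty findings list with J-Web still configured means it is pinned to the interfaces you named as management; it does not replace patching to a fixed release.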

This is exactly the kind of edge appliance flaw that drives initial access for ransomware crews. Treat the patch with the same urgency as a perimeter VPN CVE.