- 33/2024
- High
Juniper has released security updates to fix several vulnerabilities across multiple Juniper products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, bypass security restrictions, trigger cross-site scripting attacks, or execute arbitrary code and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Juniper Networks Junos OS Cross-Site Scripting (CVE-2024-21620):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
2. Juniper Networks Junos OS on SRX Series File Upload (CVE-2024-21619):
- CVSS: 5.3
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Affected Products:
- Juniper Networks Junos OS.
- Juniper Networks SRX Series.
- Juniper Networks EX Series.
- Juniper Apstra.
Vulnerabilities
- CVE-2024-21619
- CVE-2023-36846
- CVE-2024-21620
- CVE-2023-36851
- CVE-2023-48795
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.