Juniper Patches Critical RCE Flaw in Junos OS, Dozens of Other Vulnerabilities
Juniper Networks has released patches for a critical, pre-authentication remote code execution vulnerability in Junos OS, alongside dozens of other security fixes.

Executive Summary
Juniper Networks has issued a critical security bulletin addressing multiple vulnerabilities in its Junos OS, with the most severe being a flaw that allows unauthenticated, remote attackers to execute arbitrary code on affected devices. This vulnerability, tracked as CVE-2024-2973, affects the J-Web interface and poses a significant risk to network infrastructure integrity. The advisory, released on April 10, 2024, includes patches for over two dozen other security issues ranging in severity from medium to critical. Organizations are urged to apply the relevant updates immediately.
Technical Analysis
The critical vulnerability, CVE-2024-2973, resides within the J-Web interface of Junos OS on SRX Series firewalls and EX Series switches. According to Juniper's advisory, the flaw is an Out-of-Bounds Write issue. An attacker can exploit this by sending a specially crafted HTTP request to the J-Web server. Successful exploitation grants the attacker the ability to execute code with root privileges on the underlying FreeBSD operating system, leading to a complete compromise of the device. The attack vector is network-based, requires no user interaction, and crucially, does not demand authentication, making it highly exploitable. The exact mechanism of the out-of-bounds write was not detailed in the public advisory. Other patched vulnerabilities include multiple high-severity flaws in the Junos OS kernel and routing protocol daemon (RPD) that could lead to denial-of-service (DoS) conditions.
Tactics, Techniques & Procedures
Based on the nature of CVE-2024-2973, a likely exploitation chain would involve the following TTPs:
- Reconnaissance (TA0043): Scanning for Juniper SRX or EX Series devices with the J-Web interface exposed to untrusted networks.
- Initial Access (TA0001): Exploiting a Public-Facing Application (T1190) via a malicious HTTP request to the vulnerable J-Web endpoint, bypassing authentication requirements.
- Execution (TA0002): Leveraging the out-of-bounds write to achieve Command and Scripting Interpreter: Unix Shell (T1059.004) execution with root privileges.
This flaw provides a direct path from external network access to full system control, aligning with the Exploit Public-Facing Application technique.
Threat Actor Context
There is no public evidence of active exploitation of CVE-2024-2973 prior to the patch release. However, the technical details of the vulnerability—being remote, unauthenticated, and leading to root-level code execution—make it a prime candidate for rapid integration into the arsenals of both opportunistic threat actors and state-sponsored groups. Network infrastructure devices like firewalls and switches are high-value targets for espionage, network persistence, and traffic manipulation. The lack of authentication required significantly lowers the barrier to entry for exploitation.
Mitigations & Recommendations
The primary and most effective mitigation is to apply the Junos OS software updates provided by Juniper Networks. The company has released fixed versions for multiple supported branches, including 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, and others. Organizations should consult the official Juniper security bulletin (JSA75700) for the complete list of patched versions. If patching cannot be performed immediately, a critical workaround is to disable the J-Web interface entirely and use out-of-band (OOB) management or the Junos OS CLI for device administration. As a standard security practice, management interfaces for critical network infrastructure should never be exposed directly to the internet.
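An added example, not taken from Juniper's advisory or from the original article: a Python triage of a device inventory against the fixed releases named above and the J-Web workaround. The device names, inventory records and triage labels are constructed for illustration; only the three branches the article lists are compared, and any other branch is returned as "review" for a manual check against JSA75700.

```python
import re

# Fixed releases named in the article, keyed by branch -> (R number, S number).
# The article says "and others": branches absent here must be checked in JSA75700.
FIXED = {"21.4": (3, 8), "22.2": (3, 4), "22.3": (3, 3)}
VERSION_RE = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?")
JWEB = "system services web-management"

def patch_status(version):
    """Return 'patched', 'vulnerable' or 'unknown' for a Junos version string."""
    m = VERSION_RE.match(version)
    if not m or m.group(1) not in FIXED:
        return "unknown"  # unparsable, or branch not listed in the article
    release = (int(m.group(2)), int(m.group(3) or 0))
    return "patched" if release >= FIXED[m.group(1)] else "vulnerable"

def jweb_listeners(set_config):
    """Return the active J-Web listeners ('http', 'https') in a set-format config."""
    lines = {line.strip() for line in set_config.splitlines()}
    if f"deactivate {JWEB}" in lines:  # whole stanza deactivated (the workaround)
        return set()
    active = set()
    for proto in ("http", "https"):
        on = any(re.match(rf"set {JWEB} {proto}(\s|$)", line) for line in lines)
        if on and f"deactivate {JWEB} {proto}" not in lines:
            active.add(proto)
    return active

def triage(version, set_config):
    """Label a device: ok, urgent (unpatched + J-Web on), patch-scheduled, review."""
    status = patch_status(version)
    if status == "patched":
        return "ok"
    if status == "unknown":
        return "review"
    return "urgent" if jweb_listeners(set_config) else "patch-scheduled"

# Constructed inventory: (hostname, `show version` release, `display set` excerpt).
INVENTORY = [
    ("srx-edge-01", "21.4R3-S5.4", f"set {JWEB} https system-generated-certificate"),
    ("ex-access-07", "22.2R3-S4", f"set {JWEB} http"),
    ("srx-branch-02", "22.3R2", f"set {JWEB} https interface fxp0.0\ndeactivate {JWEB}"),
    ("ex-core-01", "23.2R1", f"set {JWEB} https system-generated-certificate"),
]

if __name__ == "__main__":
    for host, version, config in INVENTORY:
        print(f"{host:14} {version:12} {triage(version, config)}")
```

A device labelled "patch-scheduled" has the workaround in place but still runs a release below the fixed one for its branch, so it stays on the patch list.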

