Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-21619

A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

Published

2024-01-25T23:15:09.467

Last Modified

2024-11-21T08:54:44.270

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-209
CWE-306
Type: Primary
CWE-209
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	< 20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	23.2	Yes
Operating System	juniper	junos	23.2	Yes
Operating System	juniper	junos	23.2	Yes
Hardware	juniper	ex_redundant_power_system	-	No
Hardware	juniper	ex_rps	-	No
Hardware	juniper	ex2200	-	No
Hardware	juniper	ex2200-c	-	No
Hardware	juniper	ex2200-vc	-	No
Hardware	juniper	ex2300	-	No
Hardware	juniper	ex2300-24mp	-	No
Hardware	juniper	ex2300-24p	-	No
Hardware	juniper	ex2300-24t	-	No
Hardware	juniper	ex2300-48mp	-	No
Hardware	juniper	ex2300-48p	-	No
Hardware	juniper	ex2300-48t	-	No
Hardware	juniper	ex2300-c	-	No
Hardware	juniper	ex2300_multigigabit	-	No
Hardware	juniper	ex2300m	-	No
Hardware	juniper	ex3200	-	No
Hardware	juniper	ex3300	-	No
Hardware	juniper	ex3300-vc	-	No
Hardware	juniper	ex3400	-	No
Hardware	juniper	ex4100	-	No
Hardware	juniper	ex4100-f	-	No
Hardware	juniper	ex4100_multigigabit	-	No
Hardware	juniper	ex4200	-	No
Hardware	juniper	ex4200-vc	-	No
Hardware	juniper	ex4300	-	No
Hardware	juniper	ex4300-24p	-	No
Hardware	juniper	ex4300-24p-s	-	No
Hardware	juniper	ex4300-24t	-	No
Hardware	juniper	ex4300-24t-s	-	No
Hardware	juniper	ex4300-32f	-	No
Hardware	juniper	ex4300-32f-dc	-	No
Hardware	juniper	ex4300-32f-s	-	No
Hardware	juniper	ex4300-48mp	-	No
Hardware	juniper	ex4300-48mp-s	-	No
Hardware	juniper	ex4300-48p	-	No
Hardware	juniper	ex4300-48p-s	-	No
Hardware	juniper	ex4300-48t	-	No
Hardware	juniper	ex4300-48t-afi	-	No
Hardware	juniper	ex4300-48t-dc	-	No
Hardware	juniper	ex4300-48t-dc-afi	-	No
Hardware	juniper	ex4300-48t-s	-	No
Hardware	juniper	ex4300-48tafi	-	No
Hardware	juniper	ex4300-48tdc	-	No
Hardware	juniper	ex4300-48tdc-afi	-	No
Hardware	juniper	ex4300-mp	-	No
Hardware	juniper	ex4300-vc	-	No
Hardware	juniper	ex4300_multigigabit	-	No
Hardware	juniper	ex4300m	-	No
Hardware	juniper	ex4400	-	No
Hardware	juniper	ex4400-24x	-	No
Hardware	juniper	ex4400_multigigabit	-	No
Hardware	juniper	ex4500	-	No
Hardware	juniper	ex4500-vc	-	No
Hardware	juniper	ex4550	-	No
Hardware	juniper	ex4550-vc	-	No
Hardware	juniper	ex4550\/vc	-	No
Hardware	juniper	ex4600	-	No
Hardware	juniper	ex4600-vc	-	No
Hardware	juniper	ex4650	-	No
Hardware	juniper	ex6200	-	No
Hardware	juniper	ex6210	-	No
Hardware	juniper	ex8200	-	No
Hardware	juniper	ex8200-vc	-	No
Hardware	juniper	ex8208	-	No
Hardware	juniper	ex8216	-	No
Hardware	juniper	ex9200	-	No
Hardware	juniper	ex9204	-	No
Hardware	juniper	ex9208	-	No
Hardware	juniper	ex9214	-	No
Hardware	juniper	ex9250	-	No
Hardware	juniper	ex9251	-	No
Hardware	juniper	ex9253	-	No
Hardware	juniper	srx100	-	No
Hardware	juniper	srx110	-	No
Hardware	juniper	srx1400	-	No
Hardware	juniper	srx1500	-	No
Hardware	juniper	srx1600	-	No
Hardware	juniper	srx210	-	No
Hardware	juniper	srx220	-	No
Hardware	juniper	srx2300	-	No
Hardware	juniper	srx240	-	No
Hardware	juniper	srx240h2	-	No
Hardware	juniper	srx240m	-	No
Hardware	juniper	srx300	-	No
Hardware	juniper	srx320	-	No
Hardware	juniper	srx340	-	No
Hardware	juniper	srx3400	-	No
Hardware	juniper	srx345	-	No
Hardware	juniper	srx3600	-	No
Hardware	juniper	srx380	-	No
Hardware	juniper	srx4000	-	No
Hardware	juniper	srx4100	-	No
Hardware	juniper	srx4200	-	No
Hardware	juniper	srx4300	-	No
Hardware	juniper	srx4600	-	No
Hardware	juniper	srx4700	-	No
Hardware	juniper	srx5000	-	No
Hardware	juniper	srx5400	-	No
Hardware	juniper	srx550	-	No
Hardware	juniper	srx550_hm	-	No
Hardware	juniper	srx550m	-	No
Hardware	juniper	srx5600	-	No
Hardware	juniper	srx5800	-	No
Hardware	juniper	srx650	-	No

References

https://supportportal.juniper.net/JSA76390 Vendor Advisory ([email protected])
https://supportportal.juniper.net/JSA76390 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)