CVE-2024-21591

Name: CVE-2024-21591
Creator: NVD / NIST
Published: 2024-01-12T01:15:46.697+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 17.67%

Last modified Jun 17, 2026

CVE-2024-21591 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3. . EPSS estimates a 17.67% chance of exploitation in the next 30 days.

Description

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

17.67%

96.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Juniper	Junos	< 20.4
Juniper	Junos	20.4
Juniper	Junos	21.2
Juniper	Junos	21.3
Juniper	Junos	21.4
Juniper	Junos	22.1
Juniper	Junos	22.2
Juniper	Junos	22.3
Juniper	Junos	22.4

References

https://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.htmlExploit, Third Party Advisory
https://supportportal.juniper.net/JSA75729Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NThird Party Advisory
https://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.htmlExploit, Third Party Advisory
https://supportportal.juniper.net/JSA75729Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NThird Party Advisory

Timeline

Published: Jan 12, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-21591?

How severe is CVE-2024-21591?

CVE-2024-21591 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 17.67% probability of exploitation in the next 30 days.

How do I fix CVE-2024-21591?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-21591?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST