CVE-2024-21619 — MEDIUM (5.3)

Q: How severe is CVE-2024-21619?

CVE-2024-21619 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-21619?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex Redundant Power System, Juniper Ex Rps, Juniper Ex2200, Juniper Ex2200-C.

Vulnerability Description

A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 20.4
Juniper	Ex Redundant Power System	-
Juniper	Ex Rps	-
Juniper	Ex2200	-
Juniper	Ex2200-C	-
Juniper	Ex2200-Vc	-
Juniper	Ex2300	-
Juniper	Ex2300-24Mp	-
Juniper	Ex2300-24P	-
Juniper	Ex2300-24T	-
Juniper	Ex2300-48Mp	-
Juniper	Ex2300-48P	-
Juniper	Ex2300-48T	-
Juniper	Ex2300-C	-
Juniper	Ex2300 Multigigabit	-
Juniper	Ex2300M	-
Juniper	Ex3200	-
Juniper	Ex3300	-
Juniper	Ex3300-Vc	-
Juniper	Ex3400	-

Related Weaknesses (CWE)

CWE-306 CWE-209

References

https://supportportal.juniper.net/JSA76390Vendor Advisory
https://supportportal.juniper.net/JSA76390Vendor Advisory

FAQ

What is CVE-2024-21619?

CVE-2024-21619 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Ser...

How severe is CVE-2024-21619?

CVE-2024-21619 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-21619?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex Redundant Power System, Juniper Ex Rps, Juniper Ex2200, Juniper Ex2200-C.