CVE-2024-21620 — HIGH (8.8)

Q: How severe is CVE-2024-21620?

CVE-2024-21620 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-21620?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex Redundant Power System, Juniper Ex Rps, Juniper Ex2200, Juniper Ex2200-C.

Vulnerability Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 20.4
Juniper	Ex Redundant Power System	-
Juniper	Ex Rps	-
Juniper	Ex2200	-
Juniper	Ex2200-C	-
Juniper	Ex2200-Vc	-
Juniper	Ex2300	-
Juniper	Ex2300-24Mp	-
Juniper	Ex2300-24P	-
Juniper	Ex2300-24T	-
Juniper	Ex2300-48Mp	-
Juniper	Ex2300-48P	-
Juniper	Ex2300-48T	-
Juniper	Ex2300-C	-
Juniper	Ex2300 Multigigabit	-
Juniper	Ex2300M	-
Juniper	Ex3200	-
Juniper	Ex3300	-
Juniper	Ex3300-Vc	-
Juniper	Ex3400	-

Related Weaknesses (CWE)

CWE-79

References

https://supportportal.juniper.net/JSA76390Vendor Advisory
https://supportportal.juniper.net/JSA76390Vendor Advisory

FAQ

What is CVE-2024-21620?

CVE-2024-21620 is a vulnerability with a CVSS score of 8.8 (HIGH). An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct ...

How severe is CVE-2024-21620?

CVE-2024-21620 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-21620?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex Redundant Power System, Juniper Ex Rps, Juniper Ex2200, Juniper Ex2200-C.