Threat Advisory

Juniper Networks Enhances Security with Fixes for Junos OS Vulnerabilities

Threat: Vulnerability
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

The CVEs CVE-2024-6387, CVE-2024-39894, CVE-2025-21598, and CVE-2025-21599 highlight vulnerabilities of varying severity. CVE-2024-6387, known as "RegreSSHion," is a critical flaw in OpenSSH versions 8.5p1 to 9.7p1, allowing remote code execution due to a signal handler race condition in the server component. CVE-2024-39894 is a high-severity vulnerability in OpenSSH versions 9.5 to 9.7, where timing attacks against password entries can leak sensitive information. Currently, CVE-2025-21598 and CVE-2025-21599 lack publicly available details, indicating they might still be under investigation or embargo. These CVEs emphasize the need for proactive patching and monitoring of software environments to mitigate risks.

  • CVE-2024-6387: Also known as "RegreSSHion," this is a critical vulnerability in OpenSSH versions 8.5p1 through 9.7p1. It stems from a signal handler race condition in the server component (sshd) triggered by failed client authentication. Exploiting this flaw allows remote attackers to execute arbitrary code and potentially gain root access. It has a CVSS v3.1 score of 9.8 (Critical).
  • CVE-2024-39894: A high-severity vulnerability in OpenSSH versions 9.5 through 9.7, with a CVSS v3.1 score of 7.5 (High). The flaw is caused by a logic error in the ObscureKeystrokeTiming feature, which can unintentionally enable timing attacks.
  • CVE-2025-21598: A high-severity out-of-bounds read vulnerability in the routing protocol daemon (rpd) of Junos OS and Junos OS Evolved. An unauthenticated, network-based attacker can trigger it by sending malformed BGP packets to a device with packet receive trace options enabled. Exploitation crashes the rpd process, causing a denial-of-service (DoS) condition. The CVE has a CVSS v3.1 score of 7.5 (High).
  • CVE-2025-21599: A high-severity vulnerability in the Juniper Tunnel Driver (jtd) of Junos OS Evolved. An unauthenticated, network-based attacker can trigger a memory leak by sending specially crafted IPv6 packets, leading to kernel memory exhaustion and a system crash. This results in a denial-of-service (DoS) condition, affecting system availability. The CVE is assigned a CVSS v3.1 score of 7.5 (High).

CVE-2025-21599 poses a serious threat to systems running Junos OS Evolved, allowing attackers to cause denial-of-service (DoS) conditions through memory exhaustion. Immediate patching is essential to protect system stability and availability.

RECOMMENDATION:

We strongly recommend that you update Juniper firewall products to the following versions:

  • For CVE-2025-21598, please update Junos OS to versions 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2-S1, 24.2R1-S1, 24.2R2, 24.4R1 and Junos OS Evolved to versions 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S1-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO.
  • For CVE-2025-21599, please update Junos OS Evolved to versions 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO*, 24.4R1-EVO.
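
To turn the CVE-2025-21598 list above into a patch-triage check, the following Python code (an added example, not from Juniper or the original advisory) classifies a device's running release against the fixed releases for its train. It assumes version strings of the form `YY.NRn[-Sn][.build][-EVO]` and that releases within a train order by (R number, S number); the status labels, function names and inventory are hypothetical.

```python
import re

# Fixed releases for CVE-2025-21598, copied from the advisory's recommendation list.
FIXED = {
    "junos": ["21.2R3-S9", "21.4R3-S9", "22.2R3-S5", "22.3R3-S4", "22.4R3-S5",
              "23.2R2-S2", "23.4R2-S1", "24.2R1-S1", "24.2R2", "24.4R1"],
    "evo": ["21.4R3-S9-EVO", "22.2R3-S5-EVO", "22.3R3-S4-EVO", "22.4R3-S5-EVO",
            "23.2R2-S2-EVO", "23.4R2-S1-EVO", "24.2R1-S2-EVO", "24.2R2-EVO",
            "24.4R1-EVO"],
}
# Assumed format: train, R number, optional -S number, optional build, optional -EVO.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.I)


def parse(version):
    """Return (platform, train, (release, service)) or raise ValueError."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc, evo = m.groups()
    platform = "evo" if evo else "junos"
    return platform, (int(major), int(minor)), (int(rel), int(svc or 0))


def status(version, fixed=FIXED):
    """Classify a running version against the advisory's fixed-release list."""
    platform, train, level = parse(version)
    floor = {}  # lowest listed fix per train (assumes (R, S) ordering)
    for entry in fixed[platform]:
        _, t, lvl = parse(entry)
        floor[t] = min(lvl, floor.get(t, lvl))
    if train not in floor:
        # The advisory names no fix for this train; needs manual review.
        return "unlisted-train"
    return "at-or-above-fix" if level >= floor[train] else "below-fix"


# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = {"edge-r1": "22.4R3-S4.2", "edge-r2": "24.2R1-S1",
             "core-e1": "24.2R1-S1-EVO", "lab-r9": "22.1R3"}


def triage(inventory=INVENTORY):
    """Map each host to its status so below-fix devices can be scheduled first."""
    return {host: status(ver) for host, ver in inventory.items()}
```

Note that 24.2R1-S1 counts as fixed on Junos OS but not on Junos OS Evolved, where the list starts at 24.2R1-S2-EVO.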

REFERENCES:

The following reports contain further technical details: 
https://www.securityweek.com/juniper-networks-fixes-high-severity-vulnerabilities-in-junos-os/
