CVE-2018-0024 — Improper Privilege Management in Networks Junos OS

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 81.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper EX Series +3 more

Timeline

PublishedJul 11

Latest updateMay 13

Description

An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5juniper_networks/junos_os12.1X46 — 12.1X46-D45+4

▶juniperjuniper/ex_series

▶juniperjuniper/qfx_series

▶juniperjuniper/srx_series

▶NVDjuniper/junos5 versions+4

🔴Vulnerability Details

GHSA

GHSA-35vv-xp9m-c452: An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain f↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2018-0024: An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain f↗2018-07-11

▶