CVE-2023-28983 — OS Command Injection in Networks Junos OS Evolved

CWE-78 — OS Command Injection4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.8%

top 26.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedApr 17

Latest updateApr 18

Description

An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolved21.4R1-EVO — 21.4*+1

▶NVDjuniper/junos_os_evolved21.4

🔴Vulnerability Details

GHSA

GHSA-g3qx-fhf5-4m26: An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authent↗2023-04-18

▶

CVEList

Junos OS Evolved: Shell Injection vulnerability in the gNOI server↗2023-04-17

▶

📋Vendor Advisories

Juniper

CVE-2023-28983: An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authent↗2023-04-17

▶