CVE-2024-21615Incorrect Default Permissions in Networks Junos OS

CWE-276Incorrect Default Permissions4 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
0.0%
top 89.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Juniper Networks Junos OSJuniper Networks Junos OS EvolvedJuniper Junos+1 more
Timeline
PublishedApr 12

Description

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before 21.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages4 packages

CVEListV5juniper_networks/junos_os_evolved21.3-EVO21.3R3-S5-EVO+7
CVEListV5juniper_networks/junos_os21.421.4R3-S5+6
NVDjuniper/junos< 21.2+7

🔴Vulnerability Details

2
GHSA
GHSA-fhrq-x65x-r754: An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access con2024-04-12
CVEList
Junos OS and Junos OS Evolved: A low-privileged user can access confidential information2024-04-12

📋Vendor Advisories

1
Juniper
CVE-2024-21615: An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access con2024-04-12
CVE-2024-21615 — Incorrect Default Permissions | cvebase