CVE-2024-21619Information Exposure via Error Message in Networks Junos OS

CWE-209Information Exposure via Error MessageCWE-306Missing Authentication for Critical Function4 documents4 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.2%
top 62.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 25
Latest updateJan 26

Description

A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.221.2R3-S7+8
NVDjuniper/junos< 20.4+9

🔴Vulnerability Details

2
GHSA
GHSA-xvh3-qgp6-m4r6: A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerabilit2024-01-26
CVEList
Junos OS: SRX Series and EX Series: J-Web - unauthenticated access to temporary files containing sensitive information2024-01-25

📋Vendor Advisories

1
Juniper
CVE-2024-21619: A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerabilit2024-01-25
CVE-2024-21619 — Information Exposure via Error Message | cvebase