CVE-2024-39512Improper Physical Access Control in Networks Junos OS Evolved

CWE-1263Improper Physical Access Control4 documents4 sources
Severity
7.0HIGHNVD
EPSS
0.2%
top 63.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedJul 10
Latest updateJul 11

Description

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges. This issue affects Junos OS Evolved: * from 23.2R2-EVO before 23.2R2-S1-EVO

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolved23.2R2-EVO23.2R2-S1-EVO+1
NVDjuniper/junos_os_evolved23.2, 23.4+1

🔴Vulnerability Details

2
GHSA
GHSA-7x3w-3vjx-fhqv: An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical ac2024-07-11
CVEList
Junos OS Evolved: User is not logged out when the console cable is disconnected2024-07-10

📋Vendor Advisories

1
Juniper
CVE-2024-39512: An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical ac2024-07-10
CVE-2024-39512 — Improper Physical Access Control | cvebase