CVE-2024-39522OS Command Injection in Networks Junos OS Evolved

CWE-78OS Command Injection4 documents4 sources
Severity
8.5HIGHNVD
EPSS
0.2%
top 60.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedJul 11

Description

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evo

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolved22.3-EVO22.3R2-EVO+1
NVDjuniper/junos_os_evolved22.3, 22.4+1

🔴Vulnerability Details

2
GHSA
GHSA-x3hw-m9hx-m5ww: An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with2024-07-11
CVEList
Junos OS Evolved: CLI parameter processing issue allows privilege escalation2024-07-11

📋Vendor Advisories

1
Juniper
CVE-2024-39522: An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with2024-07-11
CVE-2024-39522 — OS Command Injection | cvebase