CVE-2024-39524 — OS Command Injection in Networks Junos OS Evolved

CWE-78 — OS Command Injection4 documents4 sources

Severity

8.5HIGHNVD

EPSS

0.2%

top 60.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedJul 11

Description

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evol…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolved21.2-EVO — 21.2R3-S8-EVO+5

▶NVDjuniper/junos_os_evolved< 20.4+6

🔴Vulnerability Details

GHSA

GHSA-fwg6-3hj3-4g7v: An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with↗2024-07-11

▶

CVEList

Junos OS Evolved: CLI parameter processing issue allows privilege escalation↗2024-07-11

▶

📋Vendor Advisories

Juniper

CVE-2024-39524: An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with↗2024-07-11

▶