CVE-2024-39527Sensitive Information Exposure in Networks Junos OS

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 88.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedOct 11

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of protected files on the file system. Through the execution of crafted CLI commands, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may conta

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_os22.222.2R3-S5+5
NVDjuniper/junos< 21.4+6

🔴Vulnerability Details

2
GHSA
GHSA-5r8c-mmhr-j4hp: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Se2024-10-11
CVEList
Junos OS: SRX Series: Low privileged user able to access sensitive information on file system2024-10-11

📋Vendor Advisories

1
Juniper
CVE-2024-39527: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Se2024-10-11
CVE-2024-39527 — Sensitive Information Exposure | cvebase