CVE-2024-39544 — Incorrect Default Permissions in Networks Junos OS Evolved

CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

5.1MEDIUMNVD

EPSS

0.0%

top 90.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedOct 11

Description

An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows a low-privileged user can access sensitive information compromising the confidentialit…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolved21.2-EVO — 21.2R3-S7-EVO+7

▶NVDjuniper/junos_os_evolved< 20.4+8

🔴Vulnerability Details

GHSA

GHSA-mx2f-fx3v-gg7x: An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local↗2024-10-11

▶

CVEList

Junos OS Evolved: Low privileged local user able to view NETCONF traceoptions files↗2024-10-11

▶

📋Vendor Advisories

Juniper

CVE-2024-39544: An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local↗2024-10-11

▶