CVE-2024-39546 — Missing Authorization in Juniper Networks Junos OS Evolved
Severity
7.0 HIGH (NVD)
EPSS
0.1%
top 76.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jul 11
Description
A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system.
This issue affects Junos OS Evolved:
* All versions prior to 21.2R3-S8-EVO,
* 21.4 versions prior to 21.4R3-S6-EVO,
* 22.1 versions prior to 22.1R3-…
CVSS vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Packages: 2 packages
Vulnerability Details (2)
CVEList: Junos OS Evolved: Local low-privilege user can gain root permissions leading to privilege escalation (2024-07-11)
GHSA: GHSA-27x2-77hh-wh7h: A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated (2024-07-11)
Vendor Advisories (1)
Juniper: CVE-2024-39546: A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated (2024-07-11)