CVE-2024-39563

CWE-77 — Command Injection4 documents4 sources

Severity

6.9MEDIUM

EPSS

1.3%

top 19.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos Space Juniper Junos Space

Timeline

PublishedOct 11

Description

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device. A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can explo…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_space24.1R1

▶NVDjuniper/junos_space24.1

🔴Vulnerability Details

GHSA

GHSA-h73h-rm47-56f4: A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted reques↗2024-10-11

▶

CVEList

Junos Space: Remote Command Execution (RCE) vulnerability in web application↗2024-10-11

▶

📋Vendor Advisories

Juniper

CVE-2024-39563: A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted reques↗2024-10-11

▶