CVE-2024-39565: XPath Injection in Juniper Networks Junos OS

CWE-643: XPath Injection (4 documents, 4 sources)

Severity: 7.7 HIGH (NVD)
EPSS: 0.6% (top 29.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 10; latest update Jul 11

Description

An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: juniper_networks_inc/junos_os 21.4 21.4R3-S7 (+6)
NVD: juniper/junos < 21.2 (+7)

Vulnerability Details (2)

GHSA (2024-07-11): GHSA-9xg8-vx2w-7c89: An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows a
CVEList (2024-07-10): Junos OS: J-Web: An unauthenticated, network-based attacker can perform XPATH injection attack against a device.

Vendor Advisories (1)

Juniper (2024-07-10): CVE-2024-39565: An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows a