Physical Access Control Vulnerability Allows Attacker Access to User Accounts
CVE-2024-39512

6.6MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os Evolved
Vendor: CVE Published:; 10 July 2024

🔔 Create Juniper Networks Vulnerability Alert

What is CVE-2024-39512?

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.

When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.

This issue affects Junos OS Evolved:

from 23.2R2-EVO before 23.2R2-S1-EVO,
from 23.4R1-EVO before 23.4R2-EVO.

Affected Version(s)

Junos OS Evolved 23.2R2-EVO < 23.2R2-S1-EVO

Junos OS Evolved 23.4R1-EVO < 23.4R2-EVO

References

https://supportportal.juniper.net/JSA82977

vendor-advisory

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
Jun 25, 2024