Unauthorized Access to Protected Files in Junos OS CLI
CVE-2024-39527

5.5 MEDIUM

Key Information:

CVE Published: 11 October 2024

Summary

A vulnerability in the command-line interface of Juniper Networks Junos OS on SRX Series devices allows local, low-privileged users access to sensitive files that should remain protected. By executing specially crafted CLI commands, these users can expose and view contents of secure files on the file system, potentially leveraging this information for further system impact. This issue highlights significant security concerns, especially for environments relying on proper permission controls to safeguard sensitive data. Users are advised to assess their systems and apply necessary updates to mitigate this risk.

Affected Version(s)

Junos OS on SRX Series: all versions before 21.4R3-S8

Junos OS on SRX Series: 22.2 versions before 22.2R3-S5

Junos OS on SRX Series: 22.3 versions before 22.3R3-S4

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database