Privilege Escalation Vulnerability Affects Juniper Networks Junos OS Evolved
CVE-2024-39546

7.3 HIGH

Key Information:

Vendor
CVE Published: 11 July 2024

Summary

A serious vulnerability exists in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved. An authenticated, low-privileged local attacker can manipulate specific files, leading to the execution of arbitrary commands with root privileges. The result is privilege escalation, which can ultimately compromise the integrity of the affected system. Several versions of Junos OS Evolved are impacted; systems running releases earlier than the patched versions listed below need immediate attention.

Affected Version(s)

Junos OS Evolved: all versions before 21.2R3-S8-EVO

Junos OS Evolved 21.4: versions before 21.4R3-S6-EVO

Junos OS Evolved 22.1: versions before 22.1R3-S5-EVO

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database