Privilege Escalation Vulnerability Affects Juniper Networks Junos OS Evolved

CVE-2024-39546

7.3HIGH

Key Information

Vendor: Juniper Networks
Status: Junos Os Evolved
Vendor: CVE Published:; 11 July 2024

Badges

👾 Exploit Exists

Summary

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system. This issue affects Junos OS Evolved: * All versions prior to 21.2R3-S8-EVO, * 21.4 versions prior to 21.4R3-S6-EVO, * 22.1 versions prior to 22.1R3-S5-EVO, * 22.2 versions prior to 22.2R3-S3-EVO, * 22.3 versions prior to 22.3R3-S3-EVO, * 22.4 versions prior to 22.4R3-EVO, * 23.2 versions prior to 23.2R2-EVO.

Affected Version(s)

Junos OS Evolved < 21.2R3-S8-EVO

Junos OS Evolved < 21.4R3-S6-EVO

Junos OS Evolved < 22.1R3-S5-EVO

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 11, 2024
Vulnerability Reserved.
Jun 25, 2024
Initial Publication
Apr 10, 2024
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database