Juniper Networks J-Web Vulnerability to Execute Remote Commands
CVE-2024-39565

8.8HIGH

Key Information:

Vendor: Juniper Networks, Inc.
Status: Junos Os
Vendor: CVE Published:; 10 July 2024

🔔 Create Juniper Networks, Inc. Vulnerability Alert

What is CVE-2024-39565?

An XPath Injection vulnerability exists in J-Web as part of Juniper Networks' Junos OS, allowing an unauthenticated, network-based attacker to execute remote commands on devices. This occurs when an administrator is logged into a J-Web session or has previously logged out, leading to an ability for attackers to execute commands with the credentials of the logged-in user. This flaw can result in unauthorized control over the affected device, posing significant security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Junos OS 0 < 21.2R3-S8

Junos OS 21.4 < 21.4R3-S7

Junos OS 22.2 < 22.2R3-S4

References

https://supportportal.juniper.net/JSA83023

vendor-advisory

https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/...

https://support.juniper.net/support/downloads/?p=283

signature

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
Jun 25, 2024

Credit

Juniper SIRT would like to acknowledge and thank CataLpa of Hatlab, DbappSecurity Co. Ltd. for responsibly reporting this vulnerability.

JSON

Juniper Networks, Inc.

What is CVE-2024-39565?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.