Authorization Bypass Through User-Controlled Key Vulnerability Affects Juniper Networks Junos OS Evolved Devices
CVE-2024-47495

6.7MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os Evolved
Vendor: CVE Published:; 11 October 2024

🔔 Create Juniper Networks Vulnerability Alert

What is CVE-2024-47495?

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices.

This issue affects: Juniper Networks Junos OS Evolved with dual-REs:

All versions before 21.2R3-S8-EVO,
from 21.4-EVO before 21.4R3-S8-EVO,
from 22.2-EVO before 22.2R3-S4-EVO,
from 22.3-EVO before 22.3R3-S4-EVO,
from 22.4-EVO before 22.4R3-S3-EVO,
from 23.2-EVO before 23.2R2-S1-EVO,
from 23.4-EVO before 23.4R2-S1-EVO.

This issue does not affect Juniper Networks Junos OS.

Affected Version(s)

Junos OS Evolved 0 < 21.2R3-S8-EVO

Junos OS Evolved 21.4-EVO < 21.4R3-S8-EVO

Junos OS Evolved 22.2-EVO < 22.2R3-S4-EVO

References

https://kb.juniper.net/JSA88122

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Sep 25, 2024