CVE-2023-28960

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved versions 20.4 through 20.4R3-S5-EVO Juniper Networks Junos OS Evolved versions 21.2 through 21.2R3-EVO Juniper Networks Junos OS Evolved versions 21.3 through 21.3R3-EVO Juniper Networks Junos OS Evolved versions 21.4 through 21.4R2-EVO

Description The issue is related to an Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved, allowing a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then inadvertently start the Docker container, leading to the malicious files being executed as root. This issue only affects systems with Docker configured and enabled, which is not enabled by default.

Recommendations For Juniper Networks Junos OS Evolved versions 20.4 through 20.4R3-S5-EVO, update to version 20.4R3-S5-EVO or later. For Juniper Networks Junos OS Evolved versions 21.2 through 21.2R3-EVO, update to version 21.2R3-EVO or later. For Juniper Networks Junos OS Evolved versions 21.3 through 21.3R3-EVO, update to version 21.3R3-EVO or later. For Juniper Networks Junos OS Evolved versions 21.4 through 21.4R2-EVO, update to version 21.4R2-EVO or later. As a temporary workaround, consider disabling Docker on systems where it is not necessary to minimize the risk of exploitation.