PT-2023-3072 · Juniper Networks · Junos Evolved

Published: 2023-04-12 · Updated: 2023-05-04 · CVE-2023-28983

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions 21.4R1-EVO through 22.1R1-EVO
Description: The issue is an OS Command Injection vulnerability in the gRPC Network Operations Interface (gNOI) server module. It allows an authenticated, low-privileged, network-based attacker to inject shell commands and execute code. The vulnerability can be exploited remotely, potentially leading to the execution of arbitrary code.
Recommendations: For Juniper Networks Junos OS Evolved versions 21.4R1-EVO through 22.1R1-EVO, update to version 22.1R1-EVO or later to resolve the issue. As a temporary workaround, consider restricting access to the gNOI server module to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-03149
CVE-2023-28983

Affected Products

Junos Evolved