CVE-2024-39524

Name of the Vulnerable Software and Affected Versions Junos OS Evolved versions prior to 20.4R3-S7-EVO Junos OS Evolved versions 21.2-EVO prior to 21.2R3-S8-EVO Junos OS Evolved versions 21.4-EVO prior to 21.4R3-S7-EVO Junos OS Evolved versions 22.2-EVO prior to 22.2R3-EVO Junos OS Evolved versions 22.3-EVO prior to 22.3R2-EVO Junos OS Evolved versions 22.4-EVO prior to 22.4R2-EVO

Description An Improper Neutralization of Special Elements issue in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users to execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.

Recommendations Update to version 20.4R3-S7-EVO or later for Junos OS Evolved versions prior to 20.4R3-S7-EVO Update to version 21.2R3-S8-EVO or later for Junos OS Evolved versions 21.2-EVO prior to 21.2R3-S8-EVO Update to version 21.4R3-S7-EVO or later for Junos OS Evolved versions 21.4-EVO prior to 21.4R3-S7-EVO Update to version 22.2R3-EVO or later for Junos OS Evolved versions 22.2-EVO prior to 22.2R3-EVO Update to version 22.3R2-EVO or later for Junos OS Evolved versions 22.3-EVO prior to 22.3R2-EVO Update to version 22.4R2-EVO or later for Junos OS Evolved versions 22.4-EVO prior to 22.4R2-EVO