PT-2024-5534 · Juniper Networks · Junos Evolved
Published
2024-07-10
·
Updated
2024-09-23
·
CVE-2024-39521
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Junos OS Evolved versions 21.1R1-EVO through 21.2R3-S8-EVO
Junos OS Evolved versions prior to 21.4R3-S7-EVO
Junos OS Evolved versions prior to 22.1R3-S6-EVO
Junos OS Evolved versions prior to 22.2R3-EVO
Junos OS Evolved versions prior to 22.3R2-EVO
Description
An Improper Neutralization of Special Elements issue in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
Recommendations
For versions 21.1R1-EVO through 21.2R3-S8-EVO, update to version 21.2R3-S8-EVO or later.
For versions prior to 21.4R3-S7-EVO, update to version 21.4R3-S7-EVO or later.
For versions prior to 22.1R3-S6-EVO, update to version 22.1R3-S6-EVO or later.
For versions prior to 22.2R3-EVO, update to version 22.2R3-EVO or later.
For versions prior to 22.3R2-EVO, update to version 22.3R2-EVO or later.
As a temporary workaround, consider restricting access to the Junos OS Evolved CLI to minimize the risk of exploitation.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos Evolved