PT-2024-5561 · Juniper Networks · Junos Evolved
Published: 2024-06-25 · Updated: 2024-07-11 · CVE-2024-39512
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Junos OS Evolved versions 23.2R2-EVO through 23.2R2-S1-EVO
Junos OS Evolved versions 23.4R1-EVO through 23.4R2-EVO
Description
An issue in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to gain access to a user account. When the console cable is disconnected, the logged-in user is not logged out, enabling a malicious attacker to resume a previous session and possibly gain administrative privileges.
Recommendations
For Junos OS Evolved versions 23.2R2-EVO through 23.2R2-S1-EVO, update to version 23.2R2-S1-EVO or later.
For Junos OS Evolved versions 23.4R1-EVO through 23.4R2-EVO, update to version 23.4R2-EVO or later.
As a temporary workaround, consider restricting physical access to the console port to minimize the risk of exploitation.
Affected Products
Junos Evolved