CVE-2024-39532

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S9 Junos OS versions 21.4 prior to 21.4R3-S9 Junos OS versions 22.2 prior to 22.2R2-S1, 22.2R3 Junos OS versions 22.3 prior to 22.3R1-S1, 22.3R2 Junos OS Evolved versions prior to 22.1R3-EVO Junos OS Evolved versions 22.2-EVO prior to 22.2R2-S1-EVO, 22.2R3-EVO Junos OS Evolved versions 22.3-EVO prior to 22.3R1-S1-EVO, 22.3R2-EVO

Description: The issue is related to the disclosure of sensitive information through log files in Juniper Networks Junos OS and Junos OS Evolved. A local, authenticated attacker with high privileges can access sensitive information when another user performs a specific operation, causing the sensitive information to be stored as plain text in a specific log file.

Recommendations: For Junos OS versions prior to 21.2R3-S9, update to version 21.2R3-S9 or later. For Junos OS versions 21.4 prior to 21.4R3-S9, update to version 21.4R3-S9 or later. For Junos OS versions 22.2 prior to 22.2R2-S1, 22.2R3, update to version 22.2R2-S1, 22.2R3 or later. For Junos OS versions 22.3 prior to 22.3R1-S1, 22.3R2, update to version 22.3R1-S1, 22.3R2 or later. For Junos OS Evolved versions prior to 22.1R3-EVO, update to version 22.1R3-EVO or later. For Junos OS Evolved versions 22.2-EVO prior to 22.2R2-S1-EVO, 22.2R3-EVO, update to version 22.2R2-S1-EVO, 22.2R3-EVO or later. For Junos OS Evolved versions 22.3-EVO prior to 22.3R1-S1-EVO, 22.3R2-EVO, update to version 22.3R1-S1-EVO, 22.3R2-EVO or later.