PT-2024-7151 · Juniper Networks · Junos Evolved

Published 2024-09-25 · Updated 2024-10-15 · CVE-2024-47495

CVSS v4.0: 8.4 High

Vector: AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Green

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS Evolved versions prior to 21.2R3-S8-EVO
Juniper Networks Junos OS Evolved versions from 21.4-EVO prior to 21.4R3-S8-EVO
Juniper Networks Junos OS Evolved versions from 22.2-EVO prior to 22.2R3-S4-EVO
Juniper Networks Junos OS Evolved versions from 22.3-EVO prior to 22.3R3-S4-EVO
Juniper Networks Junos OS Evolved versions from 22.4-EVO prior to 22.4R3-S3-EVO
Juniper Networks Junos OS Evolved versions from 23.2-EVO prior to 23.2R2-S1-EVO
Juniper Networks Junos OS Evolved versions from 23.4-EVO prior to 23.4R2-S1-EVO

Description

The issue is an authorization bypass through a user-controlled key. When Dual Routing Engines are in use, it allows a locally authenticated attacker with shell access to gain full control of the device. This can enable the attacker to bypass existing security restrictions and access the system.

Recommendations

For versions prior to 21.2R3-S8-EVO, update to version 21.2R3-S8-EVO or later.
For versions from 21.4-EVO prior to 21.4R3-S8-EVO, update to version 21.4R3-S8-EVO or later.
For versions from 22.2-EVO prior to 22.2R3-S4-EVO, update to version 22.2R3-S4-EVO or later.
For versions from 22.3-EVO prior to 22.3R3-S4-EVO, update to version 22.3R3-S4-EVO or later.
For versions from 22.4-EVO prior to 22.4R3-S3-EVO, update to version 22.4R3-S3-EVO or later.
For versions from 23.2-EVO prior to 23.2R2-S1-EVO, update to version 23.2R2-S1-EVO or later.
For versions from 23.4-EVO prior to 23.4R2-S1-EVO, update to version 23.4R2-S1-EVO or later.

Fix

IDOR

Weakness Enumeration

Related Identifiers

BDU:2024-08483
CVE-2024-47495

Affected Products

Junos Evolved