PT-2024-7778 · Juniper Networks · Junos

Published 2024-10-09 · Updated 2024-10-15 · CVE-2024-39527

CVSS v4.0: 6.8 Medium

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Junos OS versions prior to 21.4R3-S8
Junos OS version 22.2 prior to 22.2R3-S5
Junos OS version 22.3 prior to 22.3R3-S4
Junos OS version 22.4 prior to 22.4R3-S4
Junos OS version 23.2 prior to 23.2R2-S2
Junos OS version 23.4 prior to 23.4R2

Description

An exposure of sensitive information to an unauthorized actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of protected files on the file system. By executing crafted CLI commands, a user with limited permissions can read protected files that should not be accessible to that user. These files may contain sensitive information that can be used to cause further impact to the system.

Recommendations

For versions prior to 21.4R3-S8, update to version 21.4R3-S8 or later.
For version 22.2 prior to 22.2R3-S5, update to version 22.2R3-S5 or later.
For version 22.3 prior to 22.3R3-S4, update to version 22.3R3-S4 or later.
For version 22.4 prior to 22.4R3-S4, update to version 22.4R3-S4 or later.
For version 23.2 prior to 23.2R2-S2, update to version 23.2R2-S2 or later.
For version 23.4 prior to 23.4R2, update to version 23.4R2 or later.
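
A version check built from the affected-versions list above, as an added example (not code from Juniper or from this advisory). It assumes release strings of the form shown on this page, optionally followed by a build number; the host names and inventory are constructed, and release trains the page does not list return None instead of a guess.

```python
import re

# First fixed release per train as (R, S), copied from the advisory's list.
FIXED = {
    (21, 4): (3, 8),  # 21.4R3-S8
    (22, 2): (3, 5),  # 22.2R3-S5
    (22, 3): (3, 4),  # 22.3R3-S4
    (22, 4): (3, 4),  # 22.4R3-S4
    (23, 2): (2, 2),  # 23.2R2-S2
    (23, 4): (2, 0),  # 23.4R2
}
OLDEST_TRAIN = min(FIXED)  # everything on an older train is "prior to 21.4R3-S8"

# <major>.<minor>R<release>[-S<service release>]; a trailing build number is ignored.
_VERSION = re.compile(r"(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_junos(version):
    """Return ((major, minor), (R, S)) or None if the string is not recognised."""
    m = _VERSION.match(version.strip())
    if m is None:
        return None
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0))


def is_affected(version):
    """True/False per the advisory; None when the page gives no answer."""
    parsed = parse_junos(version)
    if parsed is None:
        return None
    train, release = parsed
    if train < OLDEST_TRAIN:
        return True
    fixed = FIXED.get(train)
    if fixed is None:  # train not listed on the page (e.g. 22.1): do not guess
        return None
    return release < fixed


def triage(inventory):
    """Map each host to 'patch', 'ok' or 'review' (version needs a manual check)."""
    label = {True: "patch", False: "ok", None: "review"}
    return {host: label[is_affected(ver)] for host, ver in inventory.items()}


# Constructed sample inventory: hypothetical SRX host names and versions.
SAMPLE = {"srx-edge-1": "21.4R3-S7.2", "srx-edge-2": "23.4R2", "srx-lab": "22.1R3"}
```
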

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-09271
CVE-2024-39527

Affected Products

Junos