PT-2024-7780 · Juniper Networks · Junos Space

Published: 2024-10-09 · Updated: 2026-01-23 · CVE-2024-39563

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Junos Space version 24.1R1

Description

A Command Injection issue in Juniper Networks Junos Space allows an unauthenticated, network-based attacker to execute arbitrary shell commands on the Junos Space Appliance by sending a specially crafted request. This is due to insufficient input sanitization in a specific script within the Junos Space web application: attacker-controlled input from a GET request can be used to exploit the vulnerability and gain complete control of the device.

Recommendations

For Junos Space version 24.1R1, consider disabling the vulnerable script in the web application as a temporary workaround until a patch is available. Restrict access to the Junos Space Appliance to minimize the risk of exploitation. Avoid using the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-09276
CVE-2024-39563

Affected Products

Junos Space