CVE-2024-39546

Name of the Vulnerable Software and Affected Versions Junos OS Evolved versions prior to 21.2R3-S8-EVO Junos OS Evolved versions 21.4 prior to 21.4R3-S6-EVO Junos OS Evolved versions 22.1 prior to 22.1R3-S5-EVO Junos OS Evolved versions 22.2 prior to 22.2R3-S3-EVO Junos OS Evolved versions 22.3 prior to 22.3R3-S3-EVO Junos OS Evolved versions 22.4 prior to 22.4R3-EVO Junos OS Evolved versions 23.2 prior to 23.2R2-EVO

Description A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system.

Recommendations For versions prior to 21.2R3-S8-EVO, update to 21.2R3-S8-EVO or later. For versions 21.4 prior to 21.4R3-S6-EVO, update to 21.4R3-S6-EVO or later. For versions 22.1 prior to 22.1R3-S5-EVO, update to 22.1R3-S5-EVO or later. For versions 22.2 prior to 22.2R3-S3-EVO, update to 22.2R3-S3-EVO or later. For versions 22.3 prior to 22.3R3-S3-EVO, update to 22.3R3-S3-EVO or later. For versions 22.4 prior to 22.4R3-EVO, update to 22.4R3-EVO or later. For versions 23.2 prior to 23.2R2-EVO, update to 23.2R2-EVO or later.