CVE-2023-28983

Summary

An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS Evolved21.4R1-EVO < 21.4*affected
Juniper NetworksJunos OS Evolved22.1 < 22.1R1-EVOaffected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

Workarounds

To reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References