CVE-2024-21615
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.
On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects:
Junos OS:
all versions before 21.2R3-S7,
from 21.4 before 21.4R3-S5,
from 22.1 before 22.1R3-S5,
from 22.2 before 22.2R3-S3,
from 22.3 before 22.3R3-S2,
from 22.4 before 22.4R3,
from 23.2 before 23.2R1-S2.
Junos OS Evolved:
all versions before 21.2R3-S7-EVO,
from 21.3 before 21.3R3-S5-EVO,
from 21.4 before 21.4R3-S5-EVO,
from 22.1 before 22.1R3-S5-EVO,
from 22.2 before 22.2R3-S3-EVO,
from 22.3 before 22.3R3-S2-EVO,
from 22.4 before 22.4R3-EVO,
from 23.2 before 23.2R1-S2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 0 < 21.2R3-S7 | affected |
| Juniper Networks | Junos OS | 21.4 < 21.4R3-S5 | affected |
| Juniper Networks | Junos OS | 22.1 < 22.1R3-S5 | affected |
| Juniper Networks | Junos OS | 22.2 < 22.2R3-S3 | affected |
| Juniper Networks | Junos OS | 22.3 < 22.3R3-S2 | affected |
| Juniper Networks | Junos OS | 22.4 < 22.4R3 | affected |
| Juniper Networks | Junos OS | 23.2 < 23.2R1-S2 | affected |
| Juniper Networks | Junos OS Evolved | 0 < 21.2R3-S7-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.3-EVO < 21.3R3-S5-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.4-EVO < 21.4R3-S5-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.1-EVO < 22.1R3-S5-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.2-EVO < 22.2R3-S3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.3-EVO < 22.3R3-S2-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.4-EVO < 22.4R3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 23.2-EVO < 23.2R1-S2 | affected |
Weaknesses
- CWE-276: CWE-276 Incorrect Default Permissions
Workarounds
To reduce the risk of exploitation, enable access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted hosts and networks to the NETCONF service.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://supportportal.juniper.net/JSA75756
- https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
References
- https://supportportal.juniper.net/JSA75756
- https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.