CVE-2024-39524
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
All versions before 20.4R3-S7-EVO,
21.2-EVO versions before 21.2R3-S8-EVO,
21.4-EVO versions before 21.4R3-S7-EVO,
22.2-EVO versions before 22.2R3-EVO,
22.3-EVO versions before 22.3R2-EVO,
22.4-EVO versions before 22.4R2-EVO.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved | 0 < 20.4R3-S7-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.2-EVO < 21.2R3-S8-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.4-EVO < 21.4R3-S7-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.2-EVO < 22.2R3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.3-EVO < 22.3R2-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.4-EVO < 22.4R2-EVO | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Workarounds
There are no known workarounds for this issue.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.