CVE-2025-52963
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service.
Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface. This issue affects Junos OS:
- All versions before 21.2R3-S9,
- from 21.4 before 21.4R3-S11,
- from 22.2 before 22.2R3-S7,
- from 22.4 before 22.4R3-S7,
- from 23.2 before 23.2R2-S4,
- from 23.4 before 23.4R2-S5,
- from 24.2 before 24.2R2-S1,
- from 24.4 before 24.4R1-S3, 24.4R2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 0 < 21.2R3-S9 | affected |
| Juniper Networks | Junos OS | 21.4 < 21.4R3-S11 | affected |
| Juniper Networks | Junos OS | 22.2 < 22.2R3-S7 | affected |
| Juniper Networks | Junos OS | 22.4 < 22.4R3-S7 | affected |
| Juniper Networks | Junos OS | 23.2 < 23.2R2-S4 | affected |
| Juniper Networks | Junos OS | 23.4 < 23.4R2-S5 | affected |
| Juniper Networks | Junos OS | 24.2 < 24.2R2-S1 | affected |
| Juniper Networks | Junos OS | 24.4 < 24.4R1-S3, 24.4R2 | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
Workarounds
Utilize CLI authorization to disallow execution of the 'request interface' command. Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.